Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tlug: Use .htaccess, or ?
- To: tlug@example.com
- Subject: Re: tlug: Use .htaccess, or ?
- From: dave@example.com (David E)
- Date: Wed, 21 Oct 1998 09:04:45 +0900 (JST)
- Content-Type: text/plain; charset=iso-2022-jp
- Reply-To: tlug@example.com
- Sender: owner-tlug@example.com
At 8:01 PM 98.10.20 +0900, Jonathan Byrne - 3Web wrote: >will be running on a virtual server under Apache. Is this best handled by >using .htaccess, or should it be done through a CGI, or is there some other, >better way to handle it? .htaccess isn't the ultimate in security, but if they're all going to share a single username/password, then there can't be anything too secret in that directory anyway, can there? > >If .htaccess is the way to go, would this be all I needed to put in it: > >AuthName If you get this wrong, your computer will explode >AuthType Basic >AuthUserFile .htpasswd # Where should I put this file > # on a system with a bunch of > # virtual servers on it? >require valid-user You can put the file pretty well anywhere, but outside the public docs area makes sense. (You need the full pathname to the .htpasswd file in there, and you can actually give it any name you like.) The .htpasswd file is normally made using the htpasswd program. BTW, it's also quite easy to update/manage the .htpasswd file with a perl script, since it's just a text file with the username and encrypted (by crypt) password. >Will this .htaccess also protect all directories below it, or do I need to put >one in each directory down the tree, if there are any? (I think there won't >be, but that could change.) Yes, it will protect the directories below as well. >And finally, any and all decent how-to sources on this are gratefully >accepted. My dead-tree editions have been kind of sparce on this, and I >haven't found very much on the web so far either, except a useful article on >www.apacheweek.com that got me this far. Guess I haven't looked under just >the right rocks yet. > Webmonkey had an article on this a year or so ago: http://www.hotwired.com/webmonkey/html/97/08/index2a.html?tw=backend If you're going to have tons of usernames and passwords, there are a couple of apache modules for dealing with this using databases. They are called mod_auth_db and mod_auth_dbm. There's also one for host-based access, called mod_access. I've never used these modules, but they're explained in the apache docs. -dave- --------------------------------------------------------------- Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691 Next Meeting: 12 December, 12:30 Tokyo Station Yaesu central gate --------------------------------------------------------------- Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
- Prev by Date: Re: tlug: Use .htaccess, or ?
- Next by Date: Re: tlug: strange ISP behavior
- Prev by thread: Re: tlug: Use .htaccess, or ?
- Next by thread: tlug: strange ISP behavior
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |