Re: tlug: Use .htaccess, or ?

To: tlug@example.com
Subject: Re: tlug: Use .htaccess, or ?
From: Scott Stone <sstone@example.com>
Date: Wed, 21 Oct 1998 08:55:47 +0900 (JST)
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <Pine.LNX.3.96LJ1.1b7.981020191630.908Q-100000@example.com>
Reply-To: tlug@example.com
Sender: owner-tlug@example.com

On Tue, 20 Oct 1998, Jonathan Byrne - 3Web wrote:

> I need some opinions/advice on setting up controlled access to part of a web
> site.
> 
> I'm developing a web site which will be mostly public, but one part will be
> accessible only to members of the organization, and at this point it looks
> like they will probably all be sharing one userid and password (yes, I know
> exactly how secure this isn't, but it wasn't my idea :-(    ).   This site
> will be running on a virtual server under Apache.   Is this best handled by
> using .htaccess, or should it be done through a CGI, or is there some other,
> better way to handle it?
> 
> If .htaccess is the way to go, would this be all I needed to put in it:
> 
> AuthName If you get this wrong, your computer will explode
> AuthType Basic 
> AuthUserFile .htpasswd               # Where should I put this file
>                                      # on a system with a bunch of
>                                      # virtual servers on it?
> require valid-user 
> 
> 
> Will this .htaccess also protect all directories below it, or do I need to put
> one in each directory down the tree, if there are any?  (I think there won't
> be, but that could change.)
> 
> If they do decide to go with an assigned user-id and password for
> each person (I doubt they will), how large should the user database be
> allowed to get before going to a DB or DBM format?
> 
> And finally, any and all decent how-to sources on this are gratefully
> accepted.  My dead-tree editions have been kind of sparce on this, and I
> haven't found very much on the web so far either, except a useful article on
> www.apacheweek.com that got me this far.  Guess I haven't looked under just
> the right rocks yet.

well, I think you've got it all figured out.  This is how I
password-protect some of PHT's sensitive areas, although I just declare
the restrictions in /etc/httpd/conf/access.conf instead of with individual
.htaccess files (you can do it either way).

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691
Next Meeting: 12 December, 12:30 Tokyo Station Yaesu central gate
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp

References:
- tlug: Use .htaccess, or ?
  - From: Jonathan Byrne - 3Web <jq@example.com>

Prev by Date: tlug: What's happening at other LUGS? ... This is VanLUG:
Next by Date: Re: tlug: Use .htaccess, or ?
Prev by thread: RE: tlug: Use .htaccess, or ?
Next by thread: Re: tlug: Use .htaccess, or ?
Index(es):
- Date
- Thread

Home | Main Index | Thread Index