[plug] a question

Anthony J. Breeds-Taurima tony at cantech.net.au
Sat Feb 17 08:03:11 WST 2001


On Thu, 15 Feb 2001, Stephen Hardman wrote:

> hey guys
> I want to create a members section linked to the passwd file from my main
> web site what would be the best way to go about this ?

Doing this for a web server that is accessible to the public is less than
desirable.  This will allow infinite attacks on your passwd file remotely in
an uncontrolled manner.

Having said that.

Make a .htaccess file that contains something similar to
---
AuthName        "Members area"
AuthUserFile    /etc/shadow
AuthType        Basic

<Limit POST GET>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
---

and place in the directory you wish to protect.

Given that your web server is configured correctly (a modern distro should
ship configured right :)) that should be just about it.

A marginally better solution would be to write a script (perl, sed, awk or
shell) that grabs ONLY the user accounts from the shadow file, places that
somewhere.  Then you point the .htaccess AuthUserFile at the new file.

You run the script from cron every now and then.


You can get LOTS of really useful detailed info about configuring your
webserver from http://www.apache.org/  (Click Server and then Docs, I can't
remember the full URL)

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */
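
Added example, not part of the original message: one way to write the script described in the reply above, as shell functions around awk. It assumes ordinary accounts have UID 1000 or higher and reads passwd to learn the UIDs; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The UID cutoff of 1000 for
# "ordinary user" is an assumption; adjust it for your distribution.

# extract_members PASSWD SHADOW [MIN_UID]
# Prints "user:hash" for accounts with UID >= MIN_UID whose shadow password
# field is usable (not empty and not locked with a leading "!" or "*").
extract_members() {
    awk -F: -v min="${3:-1000}" '
        # First file (passwd): remember the names of non-system accounts.
        NR == FNR { if ($3 + 0 >= min && $1 != "nobody") keep[$1] = 1; next }
        # Second file (shadow): emit name and hash only, dropping aging fields.
        ($1 in keep) && $2 != "" && $2 !~ /^[!*]/ { print $1 ":" $2 }
    ' "$1" "$2"
}

# write_members PASSWD SHADOW OUT [MIN_UID]
# Builds the list in a temp file (mktemp creates it mode 600) and renames it
# into place, so the web server never reads a half-written file.
write_members() {
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if extract_members "$1" "$2" "${4:-1000}" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"; return 1
    fi
}

# demo: run the filter over constructed sample data (not real accounts).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
nobody:x:65534:65534::/:/usr/sbin/nologin
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$CONSTRUCTED$roothash:19000:0:99999:7:::
alice:$6$CONSTRUCTED$alicehash:19000:0:99999:7:::
bob:!$6$CONSTRUCTED$bobhash:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
EOF
    extract_members "$d/passwd" "$d/shadow"
    rm -rf "$d"
}
```

The output file is left mode 600 and owned by whoever ran the script, so group read access for the web server has to be granted separately. root, system accounts and locked accounts never reach the file the web server reads.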



