[Chugalug] Access Control for LAMP

Billy flushy at flushy.net
Fri Oct 5 22:03:01 UTC 2012


What about two way ssl?

You could do that on a virtual host basis. It would be an all or nothing thing.

There might be a need to modify an apache module to centralize the auth and perhaps do something using saml or other types of encryption over cookie schemes.



On Oct 5, 2012, at 12:58 PM, Eric Wolf <ebwolf at gmail.com> wrote:

> OMG! An honest-to-goodness Linux related post to CHUGALUG!
> 
> A client of mine has a series of LAMP applications running on the same server. They currently manage access control through separate htaccess files and giving out the URLs on a per customer basis. 
> 
> I need to implement a unified login across all their apps but it would be nice to not have to modify a bunch of code. Ideally, the system would have a central username/password (maybe even OpenID) and present a menu of apps available to that user. Access to the other apps not available to the user would be restricted even if the user worked out the URL.
> 
> The solution needs to pass basic security audits by IT flunkies at reasonably large non-tech companies.
> 
> Any thoughts? Tricks? Etc?
> 
> -Eric
> 
> -=--=---=----=----=---=--=-=--=---=----=---=--=-=-
> Eric B. Wolf                           720-334-7734
> 
> 
> 
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


More information about the Chugalug mailing list