[Chugalug] Access Control for LAMP

James Nylen jnylen at gmail.com
Fri Oct 5 23:25:36 UTC 2012

On Fri, Oct 5, 2012 at 1:36 PM, Mike Harrison <cluon at geeklabs.com> wrote:

> 1. using .htaccess files is a crude and nasty nasty way to do this.
>    Works, but even I stopped doing it circa 199x?

Actually this works pretty well for my personal server.  Here is my setup:

 - master password file containing all users and their hashed passwords (in
htdigest format)

 - set of shell scripts that slice and dice this file as needed for each
service, and create per-service htdigest files

 - front-end for the shell scripts and files that helps me see who has
access to what, and lets me manage everything pretty nicely

 - htaccess files containing a common "auth" section, each pointing to a
different digest file created by the scripts above

Rather than having to ensure that my applications all use the same auth
code, and that I am smart enough to make that work correctly, I just have
to copy a small section of a .htaccess file to each application, and let
Apache handle it.  It would be a small step from there to parse the lists
of users and provide a "portal" to logged-in users (actually a pretty good
idea that I will try to work on).

What do you see as the drawbacks of using .htaccess files for
authentication?  I feel like this system addresses most of them.

> 2. Basic/Simple auth over SSL (never plain text/http) is a
>    great first step.

I agree, but I have a few services that should be accessible by http (to
avoid self-signed cert errors), so I use digest auth, with some stupid
workaround for IE6.  Works for me since I never have any reason to support
IE5.x or older.
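
The slicing step described in the message, as an added sketch that is not the poster's scripts or part of the original post. It assumes every service uses one shared digest realm and a hypothetical per-service allowlist file with one user name per line; all users, hashes and file names are constructed.

```shell
#!/bin/sh
# slice_htdigest MASTER REALM ALLOWLIST
# Prints the MASTER lines (user:realm:hash) for REALM whose user is listed in
# ALLOWLIST ('#' comments allowed). Returns 1 when a listed user has no entry
# for REALM: the hash is MD5(user:realm:password), so it is tied to one realm.
slice_htdigest() {
    awk -F: -v realm="$2" '
        FILENAME == ARGV[1] {                  # first file: the allowlist
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 != "") want[$0] = 1
            next
        }
        # second file: the master; accept only well-formed three-field lines
        NF == 3 && $2 == realm && ($1 in want) && $3 ~ /^[0-9a-f]+$/ && length($3) == 32 {
            print; found[$1] = 1
        }
        END {
            for (u in want) if (!(u in found)) {
                print "no " realm " entry for " u > "/dev/stderr"; rc = 1
            }
            exit rc + 0
        }
    ' "$3" "$1"
}

# write_service_file MASTER REALM ALLOWLIST OUT
# Replaces OUT only when the slice succeeded, via a rename in the same
# directory, so Apache never reads a partial or half-written file.
write_service_file() {
    tmp="$4.tmp.$$"
    if (umask 027; slice_htdigest "$1" "$2" "$3" > "$tmp"); then
        mv "$tmp" "$4"
    else
        rm -f "$tmp"; return 1
    fi
}

# demo: builds constructed sample files in a temp dir and prints the slice.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "alice:home:$(printf '%032d' 1)" "bob:home:$(printf '%032d' 2)" \
        "carol:other:$(printf '%032d' 3)" > "$d/master.htdigest"
    printf '%s\n' '# users allowed on the wiki' 'bob' > "$d/wiki.users"
    write_service_file "$d/master.htdigest" home "$d/wiki.users" "$d/wiki.htdigest" \
        && cat "$d/wiki.htdigest"
    rm -rf "$d"
}
```

Each service's .htaccess then has to name the same realm in AuthName as the master file's entries. The stored hash is enough to answer a digest challenge for that realm, so the generated files belong outside the document root with restrictive permissions.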