[Chugalug] Access Control for LAMP
jnylen at gmail.com
Fri Oct 5 23:25:36 UTC 2012
On Fri, Oct 5, 2012 at 1:36 PM, Mike Harrison <cluon at geeklabs.com> wrote:
> 1. using .htaccess files is a crude and nasty nasty way to do this.
> Works, but even I stopped doing in circa 199x?
Actually this works pretty well for my personal server. Here is my setup:
- master password file containing all users and their hashed passwords (in
- set of shell scripts that slice and dice this file as needed for each
service, and create per-service htdigest files
- front-end for the shell scripts and files that helps me see who has
access to what, and lets me manage everything pretty nicely
- htaccess files containing a common "auth" section, each pointing to a
different digest file created by the scripts above
Rather than having to ensure that my applications all use the same auth
code, and that I am smart enough to make that work correctly, I just have
to copy a small section of a .htaccess file to each application, and let
Apache handle it. It would be a small step from there to parse the lists
of users and provide a "portal" to logged-in users (actually a pretty good
idea that I will try to work on).
What do you see as the drawbacks of using .htaccess files for
authentication? I feel like this system addresses most of them.
> 2. Basic/Simple auth over SSL (never plain text/http) is a
> great first step.
I agree, but I have a few services that should be accessible by http (to
avoid self-signed cert errors), so I use digest auth, with some stupid
workaround for IE6. Works for me since I never have any reason to support
IE5.x or older.
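
An added example, not the poster's own scripts (the message does not show them): one way to slice a master digest file into per-service htdigest files. The file formats, the function name `build_digest_files`, and the single shared realm are assumptions made for this sketch.

```shell
#!/bin/sh
# Assumed formats (not from the original message):
#   master file: user:realm:hash   (Apache htdigest line format)
#   access map:  service:user1,user2   ('#' lines are comments)
# One realm is shared by all services, because an htdigest hash is
# MD5(user:realm:password) and only verifies under the realm it was made for.
# Each application's .htaccess then carries the same section, e.g.:
#   AuthType Digest
#   AuthName "home"
#   AuthUserFile /path/to/out/wiki.htdigest
#   Require valid-user

# Body runs in a subshell so the umask and IFS changes do not leak out.
build_digest_files() (
    master=$1 acl=$2 outdir=$3 rc=0
    umask 027                          # no access for "other" users
    mkdir -p "$outdir" || exit 2
    while IFS=: read -r service users; do
        case $service in ''|\#*) continue ;; esac
        # Refuse names that could write outside the output directory.
        case $service in
            */*|.*) echo "bad service name: $service" >&2; rc=1; continue ;;
        esac
        tmp="$outdir/.$service.tmp.$$"
        : > "$tmp" || exit 2
        IFS=,
        for user in $users; do
            # Exact match on field 1, so "bob" never pulls in "bobby".
            line=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$master")
            if [ -n "$line" ]; then
                printf '%s\n' "$line" >> "$tmp"
            else
                echo "warning: $user ($service) not in master file" >&2
                rc=1
            fi
        done
        # Rename into place so Apache never reads a half-written file.
        mv "$tmp" "$outdir/$service.htdigest"
    done < "$acl"
    exit "$rc"
)
```

A non-zero exit status means at least one user named in the access map was missing from the master file, which is worth checking before trusting the generated files.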