Date: Thu, 11 Jun 1998 10:33:54 -0400 (EDT) From: Daniel Hagan <dhagan@acm.vt.edu> To: "Abraham J. Stephens" <stephea@aasis.albany-academy.org> Cc: Britney Macklem <bmacklem@tacnet.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Password protection Message-ID: <Pine.BSF.3.96.980611103042.27245B-100000@cowpie.acm.vt.edu> In-Reply-To: <Pine.BSF.3.95q.980610183938.11545A-100000@aasis.albany-academy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Jun 1998, Abraham J. Stephens wrote: > > To have users enter their own username and password requires a bit of cgi > > programming (to the best of my knowledge, maybe there's a package out > > there that does it for you). Shouldn't be too terribly hard though. > > You can do it with CGI, but there is a mod_auth_external module > out there for apache. With it you can write a script to check users off > your system passwd database. Assuming you mean /etc/passwd, this is probably not a good idea. It allows a person to hammer your passwd file guessing the root password. HTTP has no login failure logs, nor time-outs and such that are provided by login. I believe there is an article to this effect on the apache website somewhere. > If you want to be really safe you might look into a web server > that can handle SSL. > An excellent suggestion, isn't there an apacheSSL out there? Daniel ----- Daniel Hagan http://www.acm.vt.edu/~dhagan Head Admin dhagan@acm.vt.edu ACM at VT To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980611103042.27245B-100000>