Date: Thu, 08 Apr 1999 12:40:05 -0700
From: Deepwell Internet <freebsd@deepwell.com>
To: Ryan Mooney <ryan@pcslink.com>
Cc: freebsd-isp@freebsd.org
Subject: Apache users file (was Re: Web Based Script)
Message-ID: <4.1.19990408123628.012aec70@mail1.dcomm.net>
In-Reply-To: <199904071840.LAA11203@pcslink.com>
References: <370B9C55.A7CE4059@eclipse.net.uk>
After reading the doc on apache.org I see you can use /etc/passwd for
authentication, and I understand the reasons why not to. How would you go
about doing this under FreeBSD? The passwords are shadowed into
master.passwd and they also exist in a .db file. I wouldn't want to raise
the permissions of httpd, and I don't want to open the shadow file to
everyone.

At 11:40 AM 4/7/99 -0700, you wrote:
>
>> > Yes but "clever hacker"(TM) can run multiple requests
>> > in parallel for either one which basically renders the
>> > whole delay thing of questionable value.
>>
>> ahhh - if you are running from inetd then POP is better in that respect
>> as you can limit the number of connections per IP address,
>
>Good point.
>
>> in *that* case, then that is something httpd coders might want to think
>> about (only on unauthenticated or bad attempts to login to a
>> password-protected server).
>
>Not a bad idea, this would slow down unfriendly robots too... Maybe
>some kind of threshold where if you see more than N requests/Y time
>you start inserting gradually increasing delays until the requests/Y
>fall below N (sort of like the thttpd traffic shaping, but more dynamic).
>This could really help a lot of services like that... Some sort of
>persistent pop daemon (not qpopper :) that understood connection limiting
>could help the "connect every minute" weenies, does cuici (sp?) pop do
>that?
>
>> still not ideal, because "clever hacker"
>> could be changing the source to any of <insert number of hardware
>> virtual servers on some machine "clever hacker" has owned> IP addresses,
>> but it does make it a bit more tricky for them.
>
>Yeah, I've always believed in "good enough" security, you make your
>stuff hard enough to get into that they go bother someone else (of
>course the bar keeps getting raised).
>
>> as you say, if Joe Luser knew what an ssl client cert was ... :)
>
>>-=-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-<>-=-=-=-=-=-=-<
>Ryan Mooney Phone (602)265-9188 PCSLink
>ryan@pcslink.com Internet Services
> NT is an excellent choice for managers who need to show that they used
> up their fiscal year budget for hardware/software expenditures.
><-=-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-><-=-=-=-=-=-=->
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
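
The threshold idea in the quoted discussion above (more than N requests per Y seconds triggers gradually increasing delays until the rate falls back below N), sketched as an added Python example. It is not code from any poster in this thread or from Apache; the class name, parameters, doubling schedule and sample address are assumptions.

```python
import collections

class AuthThrottle:
    """Per-source sliding-window throttle for failed logins (hypothetical helper)."""

    def __init__(self, n=5, window=60.0, step=0.5, max_delay=30.0):
        self.n = n                  # N: failures tolerated per window
        self.window = window        # Y: window length in seconds
        self.step = step            # first delay applied once N is exceeded
        self.max_delay = max_delay  # cap so a server worker is not held forever
        self.failures = collections.defaultdict(collections.deque)

    def _count(self, src, now):
        """Drop failures older than the window and return how many remain."""
        q = self.failures[src]
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del self.failures[src]  # forget idle sources to bound memory
        return len(q)

    def record_failure(self, src, now):
        self.failures[src].append(now)

    def delay_for(self, src, now):
        """Seconds to wait before answering src; doubles per failure above N."""
        excess = self._count(src, now) - self.n
        if excess <= 0:
            return 0.0
        return min(self.step * 2 ** (excess - 1), self.max_delay)


def demo():
    """Constructed input: one source failing a login every 2 seconds."""
    throttle = AuthThrottle()
    src = "192.0.2.10"  # documentation address, not from the thread
    delays = []
    for i in range(8):
        now = 2.0 * i
        throttle.record_failure(src, now)
        # State is shared per source, so parallel connections from the
        # same address all see the same growing delay.
        delays.append(throttle.delay_for(src, now))
    # Later probes show the delay shrinking as old failures leave the window.
    return delays, throttle.delay_for(src, 62.0), throttle.delay_for(src, 74.0)


if __name__ == "__main__":
    print(demo())
```

Keying on the source address leaves the limitation raised in the thread: attempts spread across many addresses are counted separately per address.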