From owner-freebsd-isp Mon Jan 31 10:40:38 2000 Delivered-To: freebsd-isp@freebsd.org Received: from sblake.comcen.com.au (sblake.comcen.com.au [203.23.236.144]) by hub.freebsd.org (Postfix) with ESMTP id 8D3A414BDB for ; Mon, 31 Jan 2000 10:40:33 -0800 (PST) (envelope-from aunty@sblake.comcen.com.au) Received: (from aunty@localhost) by sblake.comcen.com.au (8.9.3/8.9.3) id FAA48959 for freebsd-isp@freebsd.org; Tue, 1 Feb 2000 05:42:33 +1100 (EST) (envelope-from aunty) Date: Tue, 1 Feb 2000 05:42:33 +1100 From: aunty To: freebsd-isp@freebsd.org Subject: web access with unix password Message-ID: <20000201054233.A47517@comcen.com.au> Mail-Followup-To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I need to set up a new web site for users to do things like checking their usage stats and changing their password. There are server security problems with using the real password file or a derived .htaccess, but it's a while since I've been down this track. I'd like to present all the options with pros and cons before making the "right" decisions. Can anyone suggest where I might find the best up to date summary of the security issues and alternative approaches? -- Regards, -*Sue*- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message