Re: [SLUG] Passwords on the web

From: Backward Thinker (backwardthinker@juno.com)
Date: Fri Sep 24 2004 - 13:36:00 EDT


> I've got to provide a low-security password scheme

waka waka

> We aren't going to bother with SSL or try to avoid
> having passwords in the clear.

yuk yuk yuk

> For example, using .htaccess and .htpasswd files under
> HTTP would be nearly impossible, given the above
> parameters (for example, hundreds of constantly changing
> users).

Well, if you don't like .htpasswd you can look at some of
the mod_auth_* packages. If none suit your needs you can
even grab mod_auth_any (make sure it's not one of the
earlier ones with serious security problems) and suit it
to whatever purpose you like. That way you can make your
authentication system as highly (or lowly) secure as you
like!

> Has anyone seen a good solution, limited to CGI, Python
> or PHP?

Well, if you have no control over apache but do have
CGI/Python/Perl/PHP/whatever capabilities then I see two
mainstream solutions. You could use a redirector type
script, where the request hits your authentication script
and your authentication script will write the appropriate
page depending on their credentials and whatever other
parameters they passed (like page requested). Another
possibility is to set up your own apache document handler,
and have it allow/deny the client's request depending on
your criteria.

GL!
~ Daniel

________________________________________________________________
Get your name as your email address.
Includes spam protection, 1GB storage, no ads and more
Only $1.99/ month - visit http://www.mysite.com/name today!
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:01:00 EDT