Hello, all -
I have a number of Web sites that use a membership-based access system, using plain HTTP Auth. I know we've all used this type of protection in the past, so I thought I'd ask some questions about it.
For the last few weeks, I have been putting a considerable amount of time into the research and development of a script written in PHP to combat the use of stolen, traded, or otherwise unauthorized passwords. The idea is, make the system only allow one instance of said user/password combination, without disrupting normal business. I am, however, still open to suggestions before this is even complete.
There are a number of commercial products out there that work wonders, most notably ProxyPass. There's also one called iProtect, which I am not too fond of. These are actually Apache modules that utilize a number of techniques to ensure that only authorized hosts have access to a particular Web site based on a number of metrics including IP addresses, cookies, and timing.
I am looking for a similar utility, that will help combat the use of stolen, traded, or otherwise unauthorized passwords. I am hoping that some of you have had experience with this sort of problem in the past, if you've dealt with Web sites with a considerably large userbase that uses HTTP Auth. The solution that I am ultimately looking for will be Open Source, so that it can be modified with the author's permission, it will be safe, fast, and overall secure. However, it cannot be a "gateway" solution that would require a Webmaster to move or remove content, pages, or the like. With this in mind, the solution would preferably be an Apache module.
Anyway, I thought I'd send this email out to the group as a whole. I think that this area of security is not very well controlled, and with a little bit of brainstorming, we might be able to put some more control back in it.
Thanks again for the time
-dant
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
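The IP-address and timing metrics mentioned in the message above can also be checked from the log side. The following is an added example, not part of the original message and not code from ProxyPass or iProtect: it scans Apache access-log lines and reports HTTP Auth users seen from more than `max_ips` addresses inside a sliding time window. The function names, thresholds and sample log lines are assumptions constructed for illustration, and the lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log prefix: host ident authuser [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3})')

# Constructed sample lines (documentation-range addresses, made-up users).
SAMPLE = [
    '192.0.2.10 - alice [10/Oct/2023:13:00:01 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.10 - alice [10/Oct/2023:13:05:00 +0000] "GET /members/a.html HTTP/1.1" 200 900',
    '198.51.100.7 - bob [10/Oct/2023:13:06:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.5 - bob [10/Oct/2023:13:10:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.99 - bob [10/Oct/2023:13:20:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.77 - alice [10/Oct/2023:13:21:00 +0000] "GET /members/ HTTP/1.1" 401 381',
    '198.51.100.50 - alice [10/Oct/2023:16:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
]

def parse(line):
    """Return (user, ip, time) for an authenticated request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, user, ts, status = m.groups()
    # On a 401 the logged user name is unverified, so it is ignored here.
    if user == "-" or status == "401":
        return None
    return user, host, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def shared_logins(lines, max_ips=2, window=timedelta(hours=1)):
    """Map each user seen from more than max_ips IPs in one window to those IPs."""
    recent = defaultdict(deque)  # user -> (time, ip) pairs still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        user, ip, when = rec
        q = recent[user]
        q.append((when, ip))
        while when - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) > max_ips:
            flagged.setdefault(user, set()).update(ips)
    return {u: sorted(s) for u, s in flagged.items()}

if __name__ == "__main__":
    print(shared_logins(SAMPLE))
```

Users behind rotating proxies or mobile networks legitimately change address, so `max_ips` and `window` need tuning against a site's real traffic before any account is blocked on this signal alone.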