RE: File permissions in an Apache enviroment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> -----Original Message-----
> From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of 
> Joshua Slive
> Sent: Sunday, January 06, 2008 4:13 PM
> To: users@xxxxxxxxxxxxxxxx; tomas@xxxxxxx
> Subject: Re:  File permissions in an Apache enviroment
> 
> On Jan 6, 2008 3:04 AM, Tomas Larsson <tomas@xxxxxxx> wrote:
> > Well, the problem is I cant put the username and the 
> password in the 
> > url, http://user:passw@mydomain/scriptdir/script is not 
> allowed, thats 
> > the reason why I cant use .htpasswd to protect the dir.
> 
> That's a client restriction and has nothing to do with apache.

Yes I know, it's the way may hosts "CRON-job" implementation works.


> 
> > If it wasn't for this restriction I would be able to use 
> .htpasswd w/o 
> > any problem.
> > so-far Ive put 100 on the dir, and I have done some simple checks, 
> > like I cant wget anything from the dir, if I wget an 
> existing filename 
> > I get 0 bytes.
> 
> You can use Order/Allow/Deny to restrict by IP address. Other 
> than that, you need to specify how you expect to 
> differentiate between you authorized and unauthorized users.
> 
> Joshua.
Basically it is a MySQL backup-script written in PHP.
It is called by the "CRON-implementation" my host has.
It works by calling my virtual server with the url to the directory with the
script and the script itself, ie http://mydomain/scriptlocation/script.php
Obviously, doing it this way it is sort of open for the "general public"
provided that they know what to look for.
So obviously I don't want anyone else to go into it.
It should only be accessible for the Cron-command.
I guess that I need to implement some sort of password-control in the script
itself, but I want the directory totaly safe from anybody else.

With best regards

Tomas Larsson
Sweden
http://www.tlec.se
http://www.ebaman.com

Verus Amicus Est Tamquam Alter Idem


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux