Re: Custom http auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 8, 2009 at 9:04 AM, Tom Evans <tevans.uk@xxxxxxxxxxxxxx> wrote:
> On Wed, 2009-04-08 at 14:43 +0200, ml@xxxxxxxxx wrote:
>> Hello List,
>>
>> is there a way to build or code or make  a custom HTTP Auth? The plain
>> htaccess one looks ugly and has not all the features that i want.
>>
>> Are there any alternatives?
>>
>> Cheers,
>> Mario
>>
>
> http://httpd.apache.org/docs/2.2/howto/auth.html
>
> HTH
>
> Tom


The way the auth looks is determined by your browser. The Apache
server just tells the browser that a certain kind of auth is required,
and the browser does what ever it's programmer's told it to do to
satisfy that auth (e.g., presenting the user with a dialog box). If
you want pretty auth, your best bet is to implement it in your server
side scripting, but this is non-trivial if you want it to actually be
secure. Not that it's impractical to do, but there is more that needs
to go into it than a lot of web site designers seems to think.
Specifically, making sure a person's password is not visible in the
network traffic is key, and also making sure that the same submitted
login tokens are not valid more than once (even if encrypted, Mallory
can just resubmit the same encrypted values to hack in as a different
user). The most secure auth is always done over SSL.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux