Well, the download.php script would allow me to protect certian files, but is there a way to protect all files? For example, images that I would like to include in my php pages. Could I silently pass a username and password to htaccess? Can htaccess be set to use a php script instead of a htpasswd file? Thanks, Bret Kenny Austin wrote: > Bret Walker wrote: > >>Hello all- >> >>I am looking for a way to protect a directory's contents by >>authenticating against Active Directory via LDAP. I currently have a >>nice little php script that tries to bind to LDAP via a username and >>password entered in a form. If it fails to bind, the user is denied >>access. If it succeeds in binding, it then checks to make sure the user >>is part of a specified group. It works wonderfully, but the problem >>I've run in to (obviously) is that the plain files (.pdf, images, etc) >>are not protected in any manner. >> >>I know you can use php to authenticate against a .htaccess file, and >>that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate >>against LDAP. I would like to avoid using mod_auth_ldap if possible >>because it requires credentials to be stored in it, thus making the code >>less portable and more insecure. > > auth_ldap doesn't require credentials to be stored in the .htaccess > file or anywhere else. It can work the same way as you described your > php login page (even supports group lookups). > > >>Is there any way to use some type of php trickery to protect all of the >>contents of a given directory? > > store the files outside of the directory and use something like > "download.php?file=readme.txt" to serve them. > > Kenny > -- Bret Walker Technical Support Consultant Medill School of Journalism Northwestern University 847-467-7845 847-491-2370 fax bret-walker@xxxxxxxxxxxxxxxx http://www.it.medill.northwestern.edu/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
