Re: John Hinton Perhaps my S/MIME cert. was preventing the text from coming through. This message is unsigned. Bret -------- Original Message -------- Subject: Re: LDAP and .htaccess Date: Wed, 27 Apr 2005 14:08:14 -0500 From: Bret Walker <bret-walker@xxxxxxxxxxxxxxxx> To: php-general@xxxxxxxxxxxxx References: <426FD479.5010303@xxxxxxxxxxxxxxxx> <426FDA8E.2070807@xxxxxxxxxxxxxxxx> Well, the download.php script would allow me to protect certian files, but is there a way to protect all files? For example, images that I would like to include in my php pages. Could I silently pass a username and password to htaccess? Can htaccess be set to use a php script instead of a htpasswd file? Thanks, Bret Kenny Austin wrote: > Bret Walker wrote: > >>Hello all- >> >>I am looking for a way to protect a directory's contents by >>authenticating against Active Directory via LDAP. I currently have a >>nice little php script that tries to bind to LDAP via a username and >>password entered in a form. If it fails to bind, the user is denied >>access. If it succeeds in binding, it then checks to make sure the user >>is part of a specified group. It works wonderfully, but the problem >>I've run in to (obviously) is that the plain files (.pdf, images, etc) >>are not protected in any manner. >> >>I know you can use php to authenticate against a .htaccess file, and >>that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate >>against LDAP. I would like to avoid using mod_auth_ldap if possible >>because it requires credentials to be stored in it, thus making the code >>less portable and more insecure. > > auth_ldap doesn't require credentials to be stored in the .htaccess > file or anywhere else. It can work the same way as you described your > php login page (even supports group lookups). > > >>Is there any way to use some type of php trickery to protect all of the >>contents of a given directory? > > store the files outside of the directory and use something like > "download.php?file=readme.txt" to serve them. > > Kenny > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
