Password protection system for web app

Jegenye 2001 Bt jegenye2001 at fw.hu
Tue Oct 14 15:38:52 EDT 2003 

Andrew Clover <and-google at doxdesk.com> wrote in message
news:2c60a528.0310141110.604acc0 at posting.google.com...
> "Jegenye 2001 Bt" <jegenye2001 at fw.hu> wrote:
>
> > Could someone please suggest a very lightweight solution for protecting
> > directories on a web server? (membership system)
>
> Depends on what the web server is, and how it's set up. The obvious
> solution for Apache is to put mod_auth stuff in .htaccess. You can then
> let Apache do both the authentication and the directory browsing.
>
Yes, it's Apache. (Sorry, I had thought that's obvious from my mentioning
.htaccess files in my original post.) (+Linux, actually)

>
> This can be done either by having the CGIs update the .htpasswd file
> directly, or with a database password backend like mod_auth_mysql.
>
And to have some open sourced Python code, which does exactly that, is what
I'd be happy with..

>
> Doing HTTP authentication yourself with CGI has problems. Primarily, that
> Apache doesn't pass the Authorization header to your scripts (unless you
> recompile it with the SECURITY_HOLE_PASS_AUTHORIZATION switch). With IIS
> you also have to be sure to turn all auth features off (anon access only)
> and remove the default error page for 403, or auth won't work.
>
Uh, that's valuable input, thanx for telling me. So it seems the
administering script itself cannot be protected that way..

> > Either HTTP basic authentication or cookie based authentication would
do.
>
> If you can only do standard-CGI, without proper config access to the
server,
> cookie-based auth is probably your easiest solution, yes.
>
Er, I'd be happy as well with some code which does this...

I really don't feeeeeeeeeeeeel like coding (and testing) this authentication
part at all, I'd just want to throw in some pre-made thinggy. ;)

Thanx a lot,
 Miklós


--
Prisznyák  Miklós
---
Jegenye 2001 Bt. ( mailto:jegenye2001 at parkhosting.com )
Egyedi szoftverkészítés, tanácsadás
Custom software development, consulting
http://jegenye2001.parkhosting.com

More information about the Python-list mailing list