homepage Welcome to WebmasterWorld Guest from 107.22.127.92
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Visit PubCon.com
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library : Charter : Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Redirect/Limit Access to Files
How should this be done?
madcat




msg:962322		 11:52 pm on Feb 8, 2003 (gmt 0)

Hi everyone,

Not quite sure on where this one should go. I have a small application on my hosts server (Unix), that has about 10 regular html/php pages. The admin needs access to all pages, while users should only be able to view certain pages.

Rather than go into detail and get everyone confused, what might be some ways to approach this? Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?

Thanks for any help on this!

 

Key_Master




msg:962323		 12:05 am on Feb 9, 2003 (gmt 0)

Does the admin have a static IP from his or her ISP?
andreasfriedrich




msg:962324		 12:33 am on Feb 9, 2003 (gmt 0)

madcat [webmasterworld.com] wrote at 11:52 on Feb. 09, 2003 in message #1 [webmasterworld.com]
Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?

This will depend on the method you choose to restrict access. You could do it at the application level, web server level, or even the filesystem level.

At the application level youŽd determine at login time which access level the user has. Then when a request comes in youŽd check whether the userŽs access level is high enough to be granted access to the requested resource.

At the webserver level you could use AuthGroupFile [httpd.apache.org] and AuthUserFile [httpd.apache.org] to tell [url=http://httpd.apache.org/]Apache [httpd.apache.org][/url] about your users and groups and then Require [httpd.apache.org] the right user or group to access a directory.

At the fs level you could use a setuid wrapper script that will assume the required identity to access its files on the server.

Andreas

madcat




msg:962325		 6:48 pm on Feb 16, 2003 (gmt 0)

Thanks for your help. Just out of curiousity, which method do you believe works the best.
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved