
New To Web Development Forum

    
Apache AuthBasic Letting more than 1 user in
Debb




msg:3820027
 6:09 am on Jan 6, 2009 (gmt 0)

Hi - I just reread [httpd.apache.org...]
Apache Authentication, Authorization, and Access.

When one uses Auth Basic it says -
"The directives above only let one person (specifically someone with a username of rbowen) into the directory. In most cases, you'll want to let more than one person in. This is where the AuthGroupFile comes in."

1. I understand that the directory is protected with a userid of rbowen, and a password, and that if one does not set up a group file then only that userid and password can log in.

It does not say if this userid/password can be used at the same time, by multiple people to login to the directory during the same time period? (That is, the directory is protected - and everyone is using the same userid/password & people don't have individual logins.) Is this true?

OR, another possibility - if person A is logged in with rbowen, then no-one else can login with rbowen until the Person A logs out?

Which one is true?

thnx

deb

 

bakerboy




msg:3820499
 8:58 pm on Jan 6, 2009 (gmt 0)

The credentials are sent with every http request, so there isn't really a "log in" involved. Multiple users can use the same log-in credentials at the same time.

bakerboy
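To illustrate the point in the reply above, here is an added example (not posted by anyone in this thread) that models how a server checks HTTP Basic credentials on each request. The `USERS` table, its password and the function names are constructed for illustration; Apache itself checks against the file named by AuthUserFile.

```python
import base64
import binascii
import hmac

# Constructed credential store for the example. Apache keeps password
# hashes in the AuthUserFile rather than plaintext in memory.
USERS = {"rbowen": "s3cret-example"}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who sees the
        # header can recover the password the same way.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle_request(headers):
    """Decide one request on its own; no login or session table exists."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401
    user, password = creds
    expected = USERS.get(user, "")
    # Constant-time comparison, performed even for unknown users.
    match = hmac.compare_digest(password.encode(), expected.encode())
    return 200 if (user in USERS and match) else 401


def basic_header(user, password):
    """Build the header a browser sends with every request after the prompt."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

Two clients sending the same header are indistinguishable to `handle_request`, which is why nothing stops several people from using `rbowen` at once.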

Debb




msg:3821435
 10:09 pm on Jan 7, 2009 (gmt 0)

Reply, thank you for the answer.

If I go forward, as stated in the Apache documentation and set up a group file ---

1. for 300 persons that I want to give the following ability to: click on emailed URLs so that they can view documents residing in the directory that I have protected with my .htaccess file.

2. I would set it up (I have to go back and look at the Apache auth doc) - but I think it would be with a userid / passwd, individually for all the people, rather than all of them using the rbowen login credential.

3. Can I assume based on how you mentioned 'login credential' that each person becomes 'authorized' via being able to enter their userid and passwd - to view the file, copy it off, print it (whatever).

3. However, since these people never went through an 'authentication' procedure, such as a 'login' to the unix side, they are not 'unique'.
That is, even with a group file containing credentials for 300 persons; there can still be 2 Deb's authorized at the same time to view the file. (Just like there could have been multiple 'rbowen's viewing the file.)

thanx again.

Deb

If one set up a group file for let's say 300 potential users - these users don't reside in the unix passwd file - because they don't interact with the machine in that fashion. I want to

Demaestro




msg:3821448
 10:13 pm on Jan 7, 2009 (gmt 0)

Is there a reason you don't want to use a cookie based auth system?

[edited by: Demaestro at 10:14 pm (utc) on Jan. 7, 2009]

Debb




msg:3821480
 10:45 pm on Jan 7, 2009 (gmt 0)

From my days as a unix admin, I 'think' ;-) I have some 'clue' about controlling a directory. I don't have as much html programming, web development experience. I currently have no idea how to program a cookie into a web page. I sort of go in the direction I have some inkling about. Is a cookie something I program in - or is it something I ask Apache to implement for a web page? Are cookies used for basic html/css type pages - no sql - no php, etc.

Are you saying something like - Deb tries to view the file - gets authorized via apache - then I get a cookie - therefore I can become a unique Deb?

Did that make sense?

Demaestro




msg:3821611
 3:27 am on Jan 8, 2009 (gmt 0)

Deb,

A cookie based system would require some coding outside of Apache with some server side scripting like PHP or Python.

There is nothing wrong with a basic auth system, it is just when you have several users it is easier to manage and track all the activity of a logged in user if you use cookies.

Basically it would go like this....

Deb goes to an HTML login page, after a correct login your login method would set a cookie with a unique username. Then Deb requests a file from a private directory only accessible by a PHP/Python method. That method checks for the cookie and verifies the cookie, then fetches the file. So Deb would never actually get access to that directory, but a method with access to that directory can serve the files.
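The flow described in the post above, as an added Python example that is not part of the original post: the cookie carries the username and an expiry, signed with an HMAC so the serving method can verify it, and the file lookup is confined to the private directory. The cookie layout, `SECRET`, `MAX_AGE` and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)  # signing key (assumption: a single server process)
MAX_AGE = 3600           # seconds a cookie stays valid (assumed value)


def issue_cookie(username, now=None):
    """Called after a correct login; value is 'user|expiry|hex-hmac'."""
    expiry = int(now if now is not None else time.time()) + MAX_AGE
    payload = f"{username}|{expiry}"
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_cookie(cookie, now=None):
    """Return the username if the cookie is authentic and unexpired, else None."""
    try:
        username, expiry, sig = cookie.split("|")
        expiry = int(expiry)
    except (ValueError, AttributeError):
        return None
    payload = f"{username}|{expiry}".encode()
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # edited or forged cookie
    if (now if now is not None else time.time()) > expiry:
        return None
    return username


def serve_file(cookie, private_dir, name):
    """Verify the cookie, then read the file on the user's behalf."""
    if verify_cookie(cookie) is None:
        return 403, b""
    root = os.path.realpath(private_dir)
    path = os.path.realpath(os.path.join(root, name))
    # Refuse names such as '../x' that resolve outside the private directory.
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        return 404, b""
    with open(path, "rb") as fh:
        return 200, fh.read()
```

Because the username is inside the signed value, each request can be attributed to one account, which is the tracking advantage the post mentions over a shared Basic login.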
