Authentication ID generated from a script

Forum Moderators: phranque

Message Too Old, No Replies

Authentication ID generated from a script

How to generate an account on the fly ( user ID must be stored in access_lo

jfbeaulieu

10:06 pm on Dec 8, 2007 (gmt 0)

When one logon with some tools (like file manager, cpanel, etc..) there is an authentication ID that is stored in your access log file, second or third field. If I want to create such accounts on the fly and wish to have those user IDs being stored in the access_log file, what's the best way and how? I want to have a small system where a user can decide of his userID/password and be sure that it is stored in access_log.

gergoe

12:38 am on Dec 9, 2007 (gmt 0)

If you are referring to the built in "combined" logging format of Apache, then that ID is the username from a http authentication process. You can not set that from any script, rather it is sent by the browser, when the request is made to a protected resource (and while requesting resources from the same authentication realm, the browser will keep sending it when the previous authentication was successful).

You can configure Apache to protect any resource with such a protection using a static password file (read more here [httpd.apache.org]), and if you like brute-force solutions, you can alter that password file from your script, but I'd not do that. Instead, there's a much nicer way than this, you can handle the http authentication yourself with PHP, see [php.net ].

One thing you have to keep in mind; the username and the password are sent in clear text always with each request while staying in this authentication realm, so it is the least secure way of protecting resources.

jfbeaulieu

6:37 pm on Dec 11, 2007 (gmt 0)

Thanks a lot; I'll check your reference in detail but that's what I wanted to know and from your reply it seems possible to create such accounts on the fly. It may not be secure but there is some circusntancs where it is very useful. Thanks.