You might want to take a look at using digest authentication, which sends an MD5
digest of the password instead of the actual password.
http://httpd.apache.org/docs/howto/auth.html
> I have written some php-based internal systems for our users. Users are
> required to authenticate to access this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> I am wondering if any of you have had similar problems. What is a more
> secure way for people to login? Is SSL an option, and if so, how do I
> go about using it? Do I have to purchase a certificate? Or is there
> some other option? Finally, sh
Hello all,
I have written some php-based internal systems for our users. Users are
required to authenticate to access this system, and their login
determines what they are allowed to do within the system. I am
concerned that their logging in with cleartext passwords is a security
risk. I work i
You might want to take a look at using digest authentication, which sends an MD5 digest
of the password instead of the actual password.
http://httpd.apache.org/docs/howto/auth.html
> I have written some php-based internal systems for our users. Users are
> required to authenticate to access this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> I am wondering if any of you have had similar problems. What is a more
> secure way for people to login? Is SSL an option, and if so, how do I
> go about using it? Do I have to purchase a certificate? Or is there
> some other option? Finally, s
Hello all,
I have written some php-based internal systems for our users. Users are
required to authenticate to access this system, and their login
determines what they are allowed to do within the system. I am
concerned that their logging in with cleartext passwords is a security
risk. I work
On Fri, 19 Apr 2002, Jan Johansson wrote:
>
> Then they don't know what they are saying, I would say that Tripwire / AIDE /
> such will be 100% efficient in detecting kits _PROVIDING_ that your database
> is current, and is stored in a tamper-proof location... and of course you
> actually use
On Fri, 19 Apr 2002, Jan Johansson wrote:
>
> Then they don't know what they are saying, I would say that Tripwire / AIDE / such
> will be 100% efficient in detecting kits _PROVIDING_ that your database is current,
> and is stored in a tamper-proof location... and of course you actually use and
On Mon, 22 Apr 2002 22:35:53 +1000
Ian Cumming <[EMAIL PROTECTED]> wrote:
>
> Marcin,
>
> I've come across this problem too. I think I searched freshmeat.net, and
> found a few scripts which did the trick - however I wasn't confident
> enough to put them into place.
>
> Is www a priority? You c
Marcin,
I've come across this problem too. I think I searched freshmeat.net, and
found a few scripts which did the trick - however I wasn't confident
enough to put them into place.
Is www a priority? You could write a simple perl script which securely
launched passwd, and set the script to be the
On Mon, 22 Apr 2002, martin f krafft wrote:
> did you try my suggestion? it does what you want...
Working perfectly, thanks
NE
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
also sprach Nik Engel <[EMAIL PROTECTED]> [2002.04.22.1236 +0200]:
> That is clear, but I want to have an .htpasswd auth from outside and
> from inside noauth for the same host:
>
> meaning :
> .htpasswd for any/0 ! 192.168.0.0/8
>
> is this suitable ?
did you try my suggestion? it does what you
On Mon, 22 Apr 2002 22:35:53 +1000
Ian Cumming <[EMAIL PROTECTED]> wrote:
>
> Marcin,
>
> I've come across this problem too. I think I searched freshmeat.net, and
> found a few scripts which did the trick - however I wasn't confident
> enough to put them into place.
>
> Is www a priority? You
On Mon, 2002-04-22 at 12:36, Nik Engel wrote:
> On Mon, 22 Apr 2002, martin f krafft wrote:
> > > Meaning to say, htaccess is only working from outside. But when I
> > > want
> > > to reach the apache server from the inside network I don't need to
> > > authenticate ?
> >
> > Order Allow,Deny
> >
On Mon, 22 Apr 2002, martin f krafft wrote:
> > Meaning to say, htaccess is only working from outside. But when I
> > want
> > to reach the apache server from the inside network I don't need to
> > authenticate ?
>
> Order Allow,Deny
> Allow from 10.0.0.0/8
> AuthName "realm name"
> AuthType Basic
Nik Engel wrote:
Meaning to say, htaccess is only working from outside. But when I want
to reach the apache server from the inside network I don't need to
authenticate ?
http://httpd.apache.org/docs/howto/auth.html#access
You can set an allow for your local network so that it is explicitly a
Marcin,
I've come across this problem too. I think I searched freshmeat.net, and
found a few scripts which did the trick - however I wasn't confident
enough to put them into place.
Is www a priority? You could write a simple perl script which securely
launched passwd, and set the script to be th
also sprach Nik Engel <[EMAIL PROTECTED]> [2002.04.22.1204 +0200]:
> Meaning to say, htaccess is only working from outside. But when I want
> to reach the apache server from the inside network I don't need to
> authenticate ?
Order Allow,Deny
Allow from 10.0.0.0/8
AuthName "realm name"
AuthType Ba
Lars Roland Kristiansen writes:
> Hi and thanks, I did look at the man pages but I am completely new to
> firewalls so I got more confused than I was before. A little extra - when
> I use LOG I can check out the messages using syslog or dmesg - is there
> a way I can filter this LOG information in
Hi !
Is it possible to limit the use of htaccess files in Apache to virtual
hosts ?
Meaning to say, htaccess is only working from outside. But when I want
to reach the apache server from the inside network I don't need to
authenticate ?
__
On Mon, 2002-04-22 at 11:24, Lars Roland Kristiansen wrote:
> Hi and thanks, I did look at the man pages but I am completely new to
> firewalls so I got more confused than I was before. A little extra - when
> I use LOG I can check out the messages using syslog or dmesg - is there
> a way I can filter
Hi all.
I must have password changing via WWW.
There are many ideas - CGI script, C code (PAM module functions), PHP.
But which will be the best - simple and secure?
I thought about setting the shell to /bin/passwd but I will not be able to do that,
because I don't want to enable anything else to users.
(In
Hi and thanks, I did look at the man pages but I am completely new to
firewalls so I got more confused than I was before. A little extra - when
I use LOG I can check out the messages using syslog or dmesg - is there
a way I can filter this LOG information into its own log file in /var/log
?
tha
If you run php in safe mode and set your PHP open_basedir to the
DocumentRoot for the domain, then they cannot open any files outside of
that directory. In php.ini:
safe_mode = on
Then in your :
php_admin_flag engine on
php_admin_value open_basedir "/var/www/vhosts/domain.com/htdocs:/tmp"
I
also sprach Nik Engel <[EMAIL PROTECTED]> [2002.04.22.1236 +0200]:
> That is clear, but I want to have an .htpasswd auth from outside and
> from inside noauth for the same host:
>
> meaning :
> .htpasswd for any/0 ! 192.168.0.0/8
>
> is this suitable ?
did you try my suggestion? it does what yo
On Mon, 22 Apr 2002, martin f krafft wrote:
> > Meaning to say, htaccess is only working from outside. But when I
> > want
> > to reach the apache server from the inside network I don't need to
> > authenticate ?
>
> Order Allow,Deny
> Allow from 10.0.0.0/8
> AuthName "realm name"
> AuthType Basi
Nik Engel wrote:
> Meaning to say, htaccess is only working from outside. But when I want
> to reach the apache server from the inside network I don't need to
> authenticate ?
http://httpd.apache.org/docs/howto/auth.html#access
You can set an allow for your local network so that it is explicit
also sprach Nik Engel <[EMAIL PROTECTED]> [2002.04.22.1204 +0200]:
> Meaning to say, htaccess is only working from outside. But when I want
> to reach the apache server from the inside network I don't need to
> authenticate ?
Order Allow,Deny
Allow from 10.0.0.0/8
AuthName "realm name"
AuthType B
Lars Roland Kristiansen writes:
> Hi and thanks, I did look at the man pages but I am completely new to
> firewalls so I got more confused than I was before. A little extra - when
> I use LOG I can check out the messages using syslog or dmesg - is there
> a way I can filter this LOG information i
On Mon, 2002-04-22 at 11:24, Lars Roland Kristiansen wrote:
> Hi and thanks, I did look at the man pages but I am completely new to
> firewalls so I got more confused than I was before. A little extra - when
> I use LOG I can check out the messages using syslog or dmesg - is there
> a way I can filte
Hi all.
I must have password changing via WWW.
There are many ideas - CGI script, C code (PAM module functions), PHP.
But which will be the best - simple and secure?
I thought about setting the shell to /bin/passwd but I will not be able to do that,
because I don't want to enable anything else to users.
(I
Hi and thanks, I did look at the man pages but I am completely new to
firewalls so I got more confused than I was before. A little extra - when
I use LOG I can check out the messages using syslog or dmesg - is there
a way I can filter this LOG information into its own log file in /var/log
?
th
> If you run php in safe mode and set your PHP open_basedir to the
> DocumentRoot for the domain, then they cannot open any files outside of
> that directory. In php.ini:
>
> safe_mode = on
>
> Then in your :
>
> php_admin_flag engine on
> php_admin_value open_basedir "/var/www/vhosts/domain.com/
38 matches