KaiGai Kohei wrote:
But, I would like to set up the query as follows: AuthDBDUserRealmQuery \ "SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname = %s" ^^... to be realm to be user ... ^^It seems to me we have no way to put the replacement of the given realm prior to username. Am I missing anything?
I don't think so ... unless there's some way to rewrite the query so the username is the first parameter, I don't see any option with the existing code.
If we have no reasonable workaround, I would like to suggest a new directive: AuthDBDRealmUserQuery which specifies a query for digest authentication with realm and user parameters in this order? What's your opinion? # This is an aside. I would like to include a few additional conditions # in the query, such as remote address and so on. # For example, we can consider a web-user who can access via a certain # network address (like, 192.168.1.0/24), described as: # # SELECT md5(password) FROM uaccount \ # WHERE uname = %s AND unetwork >>= %s::inet;
I wonder if we could keep the existing config directives but allow them to access an optional additional parameter (or set of parameters). You could then write: AuthDBDUserRealmQuery \ "SELECT %s FROM uaccount WHERE uname = %s AND foo = %s" \ R,u,a where R,u,a meant realm, user, and remote IP address parameters were to be passed in that order. (We'd likely want to follow http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats as much as possible for the available parameters.) Just an idea at the moment ... alas, no matching implementation. Sigh. :-/ Chris. -- GPG Key ID: 366A375B GPG Key Fingerprint: 485E 5041 17E1 E2BB C263 E4DE C8E3 FA36 366A 375B
