I've taken a quick look (my perl is not that great, but language is language).
What you can do, is inside the WebRequest() sub, create a new hash called %statRequests, which holds the pages which are accessible when given the "statistics"-password. Next up, the sub will check the given password against the webAdminPassword, and right after that, it will print the 401 authenticatin required part if there is no password given. In between, you can test for the statistic password and fetch a page from the %statRequest instead of the %webRequest. I highly doubt it would be more than 25 lines of code, and that would probably be the easiest solution to implement a dual password system without actually writing an ACL. Kevin wrote: > Joshua Thijssen wrote: >> Kevin wrote: >>> It looks like your patch made it into the next release of ASSP fyi. >>> >>> Personally i don't much like the idea of non-authenticated access to the >>> analyzer, however i think being able to specify a separate password that >>> can only access the analyzer would be beneficial. >>> >>> I'll see about tackling that once I'm done with my current "project" in >>> ASSP if no one else does. >> What you can do is create a separate webport, together with password and >> IP authentication. Although this is the most flexible, it would mean >> having a duplicate set of most of the web functionality. That's what I >> currently did (but stripped away the password authentication part). >> >> Secondly,mja a redesign of the current functionality to account for 2 >> different authentication-sets. This would make the web functions a bit >> more complex, but saves you the trouble of having a lot of redundant code. > > It's easier to just check the password and show either the admin gui or > the analyzer page only, based on the login. > It's already it's own page so it just needs a IF(is not admin) check to > hide the menu and another to deny access to the other pages. > > That's simplified a bit but the concept is there. > > People have requested real ACL for a while now so it might be time to > start looking into that....but thats a few steps away. > > Kevin > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
