On Wed, Sep 03, 2003 at 02:03:14PM -0500, Puneet Kishor wrote:
> Puneet Kishor wrote:
> 
> oh... and another problem with .htaccess I forgot to mention --
> 
> once you are in, you are in for everything. So, as I mentioned in my 
> original query -- "How do I prevent the user from going directly to 
> mywebsite/foo.tmpl or whatever else? "

<<sorry replied off list>>

Not true.  You are in for the Authorization Realm (AuthName in .htaccess) as
long as the credentials are valid and in the valid user or group list.  In
other words the browser now conveniently presents the userid/password with each
request instead of prompting you with its dialog.  They are still verified with
each request. The problems with Basic Auth are the classic issues of "you
cannot log out" and "you get the ugly browser login dialog."

A question for your issue is, what is your target platform? And, what kind of
control do you have over it?  If you are creating a generic cgi script that
will be distributed to many people with different hosting environments then
you're probably stuck coding the authorization into your content handlers
(probably something like in a base class for all your cgi scripts check for a
cookie user_id and verify it).

On the other hand if you are coding for a mod_perl enabled server that you have
full control over then I would recommend you take a look at
Apache::AuthCookieDBI ( a subclass of Apache::AuthCookie ). You can either use
it directly or as a model for how to code the authentication and authorization
phases of Apache.  Once that's set up and working all you have to do is drop in
.htaccess files in whatever directory you want protected (or put it in the
Directory section in your httpd.conf) and say what groups or users are
authorized to run these scripts.

-- 
Ron Mahoney
Ra Security Systems, Inc.
[EMAIL PROTECTED]
908-534-6004 x21
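
An added example, not part of the original message or of any module it names: one way to do the "base class checks a user_id cookie and verifies it" approach for plain CGI. The class name MyApp::Base, the user:expiry:mac cookie layout, and the demo secret are all assumptions made for illustration.

```perl
package MyApp::Base;    # hypothetical base class for every CGI script
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-key';    # placeholder; load from a protected file

# Issue a cookie value "user:expiry:mac" after a successful login.
sub issue_cookie {
    my ($class, $user, $ttl) = @_;
    my $exp = time() + $ttl;
    return join ':', $user, $exp, hmac_sha256_hex("$user:$exp", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub _same {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the verified user name, or undef if the cookie is missing, forged or expired.
sub authenticated_user {
    my ($class, $cookie_header) = @_;
    $cookie_header = $ENV{HTTP_COOKIE} unless defined $cookie_header;
    return undef unless defined $cookie_header;
    for my $pair (split /;\s*/, $cookie_header) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined($value) && $name eq 'user_id';
        my ($user, $exp, $mac) = split /:/, $value, 3;
        return undef unless defined($mac) && $exp =~ /\A\d+\z/;
        return undef unless _same($mac, hmac_sha256_hex("$user:$exp", $SECRET));
        return $exp > time() ? $user : undef;
    }
    return undef;
}

package main;
# Constructed Cookie headers: a valid one, a tampered one, and one without user_id.
my $good = 'user_id=' . MyApp::Base->issue_cookie('alice', 600);
(my $forged = $good) =~ s/alice/admin/;
for my $hdr ($good, $forged, 'theme=dark') {
    my $user = MyApp::Base->authenticated_user($hdr);
    print defined $user ? "200 OK for $user\n" : "302 redirect to login\n";
}
```

Because the check runs in the base class on every request, a script that is requested directly gets the same verification as one reached through the login page; user names containing ":" would need a different separator.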

