On Mon, 4 Jun 2007 18:06:22 +0200 Peter Somogyi <[EMAIL PROTECTED]> wrote:
> Hi, > > We would like to have an autoindex-like file serving functionality of > apache web server that avoids usage of .htaccess file, but uses > filesystem's ACLs instead. Moreover we don't want to require wwwrun > to be allowed in every file/dir ACLs. > > For authentication we'd use e.g. mod_auth_external + pwauth. Please read up on why that's a huge security hole (I think it's described somewhere in apache's own documentation). > a newly written tool > which _becomes_ the authenticated user and lists directory content. That's what suexec (and its many cousins) are for. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
