Re: Re: Security issues

Yeah, that was my thought too, but the problem is file locking. Apache isn't going to honor any lock you put on the file, so with multiple httpd's hitting that .htaccess your definately going to get a mangled read somewhere along the line.

Update: That would be a cool Apache module wouldn't it? mod_dynamic_htaccess.

Comment on Re: Re: Security issues

Replies are listed 'Best First'.
Re: Re: Re: Security issues by Stamp_Guy (Monk) on May 29, 2001 at 20:30 UTC
I really like this idea. Is there any way around that problem? If anyone has any ideas, I'm all ears!	[reply]
Re: Re: Re: Re: Security issues by Xxaxx (Monk) on May 31, 2001 at 03:47 UTC
The .htaccess protected dir would have to be a gateway into the scripts. Otherwise the "okayed" user would be rechallenged for password after the .htpasswd file change. At least that is how it worked in a very quick and dirty test I did. If the .htaccess protected dir was just used as a gateway, then you could handle filelocking and "who's on first" problems in the standard way -- vhat ever dat is. But for this to work all subsequent pages might need to be dynamically served through scripts. This might be made to function in a limited sense for special cases. Such as low load, and pages which can be served dynamically after authenticated entrance. For me when it starts to get this complicated I go back and ask myself: "Why did I want to make it one-at-a-time in the first place?" ;-) Claude	[reply]


more useful options
	PerlMonks