You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by sa...@c2.org on 1996/06/04 01:14:16 UTC

protecting .htacess files from other users

	A user of mine had an interesting idea.

	He is using .htaccess and my mod_ecash to charge people to see
his web pages. But they have to be world readable so anyone with an
account here can read them.

	His idea, was to create

/www/u/user/guess/this/directory/path/sucker/

	all executable but not readable.

	The URL to the files in that directory though, would be

http://www.c2.net/~user/[ENCRYPTEDSTRING]/

	Webserver would see encrypted string, know the key, decrypt
away, and serve the right file.

	Basically it would be a fancy form of "Alias". Call it
"CryptAlias" or something.

	Anyone else think this is a good idea? Enough to write it? (I
wish I could write it, but I am moving my office. Swamped beyond
belief.)
	
-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net

Re: protecting .htacess files from other users

Posted by "Jason A. Dour" <ja...@bcc.louisville.edu>.

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 3 Jun 1996 sameer@c2.org wrote:
> 	A user of mine had an interesting idea.

	Hmmm.

	Nathan had an idea he proposed to me either in USENET or private
email (I forget which)... 

	He proposed a more generic UID switching ability for use as a
Action or Handler.  This would allow someone to say, "I want the WWW
server to access these pages as me."  Then, this person could set their
permissions to only be accessible by themselves.

	Nathan, could you rehash that idea, if it's near the top of your
brain? I'd have to go digging through my email archives...could be messy.
8)

Jason
+ Jason A. Dour                       jad@bcc.louisville.edu               +
| Programmer Analyst II               http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbQWsZo1JaC71RLxAQE86wP/YaMNr7+F3jmorC+tFzMMiU/PoneDgh8p
p6yR2K35aEzQzsMTVCWtGeK/w1UMyndzPslnAbV0jNSgolMxIpMC+Qrq3JDugDnw
9C2mGIv1aAOx7BRRKZWNIk9LtcvCUBUFekV3H7PaWA5XzTi5VbQGMOjiZXYTVXgX
8BY3u90oAVg=
=swgo
-----END PGP SIGNATURE-----