You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2015/04/14 14:14:55 UTC
[users@httpd] AuthBasic Questions: Modify the pop-up message? Change auth cache time?
I now have basic authorization (under TLS) working okay, but I would
like to influence the user experience a bit via Apache behavior if
possible.
A few questions if you please:
1. Can I modify the pop-up message?
2. Can I change the cache behavior of the access?
As it is, my Google Chrome keeps the authorization cached for a long
time unless I change settings. I would like more control over that
server-side.
3. Is there good book or article on clear examples for such security
issues with modern Apache? The currently available books I have and
others I'm aware of are very old and do not address Apache 2.4.
Thanks.
Best regards,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AuthBasic Questions: Modify the pop-up message?
Change auth cache time?
Posted by Tom Browder <to...@gmail.com>.
On Tue, Apr 14, 2015 at 2:11 PM, Pete Houston <ph...@openstrike.co.uk> wrote:
...
> Good luck,
Thanks, Pete, that's what I was afraid of. I hope mod_perl get
released for Apache 2.4 soon!
Best,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AuthBasic Questions: Modify the pop-up message?
Change auth cache time?
Posted by Pete Houston <ph...@openstrike.co.uk>.
On Tue, Apr 14, 2015 at 07:14:55AM -0500, Tom Browder wrote:
> I now have basic authorization (under TLS) working okay, but I would
> like to influence the user experience a bit via Apache behavior if
> possible.
>
> A few questions if you please:
>
> 1. Can I modify the pop-up message?
Possibly. You can change the AuthName in the apache config and many
browsers will display that to the users. There's no obligation on the
browser to do that, however.
> 2. Can I change the cache behavior of the access?
>
> As it is, my Google Chrome keeps the authorization cached for a long
> time unless I change settings. I would like more control over that
> server-side.
Not without resorting to something really ropey. If you are keen to enable
such levels of customisation it is probably time to start looking beyond
Basic Auth and consider using server-side sessions and passing tokens
either via cookies or in the URLs.
Good luck,
Pete
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107