Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Create .htpasswd dynamically from database w/ MD5 password?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Apache
Author Message
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6433
PostPosted: Fri Jul 04, 2008 11:43 am Reply with quote
I've seen htpasswd / staccess files that use MD5 passwords, using "AuthType Digest" instead of "AuthType Basic" in htaccess.

Couple of questions:
- Has anyone used this? Issues?
- Could a script be specified as the htpasswd / staccess file to retrieve user and password from the a database? (of course, this script would be deny from all in htaccess!)

I think this is possible - if not, have a cron job that generates the htpasswd / staccess file periodically.

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG 
View user's profile Send private message
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
PostPosted: Fri Jul 04, 2008 2:48 pm Reply with quote
Seems to me that Digest should work in the same way as Basic except that it's 'Private' and the files data is sent MD5 encoded across/through the network i.e. when the file is 'read' the data is not human readable.

I'm not clear on your intent but it is possible to use 'prepend' as an htaccess directive i.e. regardless of which file is used by whatever script, xxx.php must be processed/used first.
Code:



# set .secret extension to be PHP


AddType application/x-httpd-php .secret





# match the .secret extension


<FilesMatch "\.secret$">


# set the prepend file setting


php_value auto_prepend_file "secret.php"


</FilesMatch>


Edited to correct typo
 
View user's profile Send private message Send e-mail
kguske
PostPosted: Fri Jul 04, 2008 3:35 pm Reply with quote
I wonder how many hosts have that installed. I'm trying to password protect a podcast, but most readers seem to have problems with passwords.
 
Guardian2003
PostPosted: Fri Jul 04, 2008 3:49 pm Reply with quote
Hmm yes, I can see how that could be tricky. I'm assuming the need is to pass protect the stream itself and not access to the link from where the stream is downloaded (as the link is in an RSS/MXL dataset?).
Interesting but I'll have to ponder this one though something is rattling away in the back of my head. I'm sure I have read something like this.
 
Guardian2003
PostPosted: Fri Jul 04, 2008 4:04 pm Reply with quote
OK, yes I see the problem. If you pass protect a directory in which the source is located, it pops up the auth box and no problem if you are using a browser.
But if you are accessing the link through a feed reader it falls over - interesting!
 
kguske
PostPosted: Fri Jul 04, 2008 4:28 pm Reply with quote
Looks like a key parameter is the only option. I wouldn't want someone to have to put their user and pw in a URL...
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Apache


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©