You are here: [Fwd: Re: [PHP] LDAP and .htaccess] « PHP « IT news, forums, messages
[Fwd: Re: [PHP] LDAP and .htaccess]

Posted by Bret Walker on 04/27/05 22:19

Re: John Hinton

Perhaps my S/MIME cert. was preventing the text from coming through.

This message is unsigned.

Bret

-------- Original Message --------
Subject: Re: [PHP] LDAP and .htaccess
Date: Wed, 27 Apr 2005 14:08:14 -0500
From: Bret Walker <bret-walker@northwestern.edu>
To: php-general@lists.php.net
References: <426FD479.5010303@northwestern.edu>
<426FDA8E.2070807@muspellsheim.net>

Well, the download.php script would allow me to protect certian files,
but is there a way to protect all files? For example, images that I
would like to include in my php pages.

Could I silently pass a username and password to htaccess? Can htaccess
be set to use a php script instead of a htpasswd file?

Thanks,
Bret

Kenny Austin wrote:
> Bret Walker wrote:
>
>>Hello all-
>>
>>I am looking for a way to protect a directory's contents by
>>authenticating against Active Directory via LDAP. I currently have a
>>nice little php script that tries to bind to LDAP via a username and
>>password entered in a form. If it fails to bind, the user is denied
>>access. If it succeeds in binding, it then checks to make sure the user
>>is part of a specified group. It works wonderfully, but the problem
>>I've run in to (obviously) is that the plain files (.pdf, images, etc)
>>are not protected in any manner.
>>
>>I know you can use php to authenticate against a .htaccess file, and
>>that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate
>>against LDAP. I would like to avoid using mod_auth_ldap if possible
>>because it requires credentials to be stored in it, thus making the code
>>less portable and more insecure.
>
> auth_ldap doesn't require credentials to be stored in the .htaccess
> file or anywhere else. It can work the same way as you described your
> php login page (even supports group lookups).
>
>
>>Is there any way to use some type of php trickery to protect all of the
>>contents of a given directory?
>
> store the files outside of the directory and use something like
> "download.php?file=readme.txt" to serve them.
>
> Kenny
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация