|
Posted by Bret Walker on 04/27/05 22:19
Re: John Hinton
Perhaps my S/MIME cert. was preventing the text from coming through.
This message is unsigned.
Bret
-------- Original Message --------
Subject: Re: [PHP] LDAP and .htaccess
Date: Wed, 27 Apr 2005 14:08:14 -0500
From: Bret Walker <bret-walker@northwestern.edu>
To: php-general@lists.php.net
References: <426FD479.5010303@northwestern.edu>
<426FDA8E.2070807@muspellsheim.net>
Well, the download.php script would allow me to protect certian files,
but is there a way to protect all files? For example, images that I
would like to include in my php pages.
Could I silently pass a username and password to htaccess? Can htaccess
be set to use a php script instead of a htpasswd file?
Thanks,
Bret
Kenny Austin wrote:
> Bret Walker wrote:
>
>>Hello all-
>>
>>I am looking for a way to protect a directory's contents by
>>authenticating against Active Directory via LDAP. I currently have a
>>nice little php script that tries to bind to LDAP via a username and
>>password entered in a form. If it fails to bind, the user is denied
>>access. If it succeeds in binding, it then checks to make sure the user
>>is part of a specified group. It works wonderfully, but the problem
>>I've run in to (obviously) is that the plain files (.pdf, images, etc)
>>are not protected in any manner.
>>
>>I know you can use php to authenticate against a .htaccess file, and
>>that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate
>>against LDAP. I would like to avoid using mod_auth_ldap if possible
>>because it requires credentials to be stored in it, thus making the code
>>less portable and more insecure.
>
> auth_ldap doesn't require credentials to be stored in the .htaccess
> file or anywhere else. It can work the same way as you described your
> php login page (even supports group lookups).
>
>
>>Is there any way to use some type of php trickery to protect all of the
>>contents of a given directory?
>
> store the files outside of the directory and use something like
> "download.php?file=readme.txt" to serve them.
>
> Kenny
>
Navigation:
[Reply to this message]
|