|
Posted by Kenny Austin on 04/27/05 21:31
Bret Walker wrote:
> Hello all-
>
> I am looking for a way to protect a directory's contents by
> authenticating against Active Directory via LDAP. I currently have a
> nice little php script that tries to bind to LDAP via a username and
> password entered in a form. If it fails to bind, the user is denied
> access. If it succeeds in binding, it then checks to make sure the user
> is part of a specified group. It works wonderfully, but the problem
> I've run in to (obviously) is that the plain files (.pdf, images, etc)
> are not protected in any manner.
>
> I know you can use php to authenticate against a .htaccess file, and
> that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate
> against LDAP. I would like to avoid using mod_auth_ldap if possible
> because it requires credentials to be stored in it, thus making the code
> less portable and more insecure.
auth_ldap doesn't require credentials to be stored in the .htaccess
file or anywhere else. It can work the same way as you described your
php login page (even supports group lookups).
> Is there any way to use some type of php trickery to protect all of the
> contents of a given directory?
store the files outside of the directory and use something like
"download.php?file=readme.txt" to serve them.
Kenny
[Back to original message]
|