At 7:39 PM -0500 12/20/00, Douglas Kline wrote:
>Thanks for your suggestion. Is is possible to use an .htaccess file to
>restrict access by username?
Well, this is the point of authentication methods. You could
certainly make a username/password pair for htdig alone. Or, as Dave
Salisbury mentioned, you could allow access from one particular
machine--assuming of course that you have a dedicated indexing
machine or you're running it on the server itself. I believe you can
do combinations of both of these restrictions too.
You say "but the only thing protecting the password is file
permissions" for the authorization and -u flag to htdig. True, but...
I'd guess that if making the config file owned by root isn't good
enough, other passwords on your system are vulnerable. (e.g. cracking
the .htaccess passwords by brute force isn't bad if you have the
crypt readable in front of you.)
--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
