Re: Dynamic Directory Protection - An authorization related question.

2000-09-03 Thread Jonathan Leto

 
 Problem:
 For Authentication and Group Authorization, changes in the database will be
 reflected without restarting Apache. Not so for the URI Directory part of
 it.
 
 I have thought about restarting Apache from time to time, but thinking there
 must be a "lazier" way with performance consideration.

What about a cron script that creates .htaccess files in the needed directories ?

 
 
 Thanks for any comments or tips.
 
 
 Simon Wei
 
 

-- 
[EMAIL PROTECTED] 
"With pain comes clarity."





Re: Dynamic Directory Protection - An authorization related question.

2000-09-03 Thread Michael Robinton

 
 I am trying to implement a database driven solution for a small university
 website (300+ users) and quite happy with Authentication and Authorization
 packages provided by mod_perl. However, there doesn't seems to be a solution
 to dynamically protect a directory without restarting Apache.
 
 What I will like to do:
 Store the URI Directory need to be protected in the database with the
 permitted Groups.
 
You can do that by changing the user portion of that authenticates the 
credentials and returns the session key. Place the allowed directories in 
the encrypted key. In the auth- session key portion you can check all 
kinds of things like the allowed path, session expiration, specific files 
you want disallowed in various directories, etc...



Re: Dynamic Directory Protection - An authorization related question.

2000-09-03 Thread Simon Wei

Thanks guys!
(Michael Hanisch, Michael Robinton, Jonathan Leto)

I think the session key idea will work for me, just hoping there are a
generic solution out there. This is a typical problem why people turn to
LDAP, but LDAP is just so horrible to administer.

Regards,

Simon Wei


  Hi:
 ReHi

  packages provided by mod_perl. However, there doesn't seems to be a
solution
  to dynamically protect a directory without restarting Apache.
 
  What I will like to do:
  Store the URI Directory need to be protected in the database with the
  permitted Groups.
 
  What I have done:
  Using Perl and DBI in httpd.conf, and query the database for the
directory
  information every time Apache starts.
 
  Problem:
  For Authentication and Group Authorization, changes in the database will
be
  reflected without restarting Apache. Not so for the URI Directory part
of
  it.
 Hmm, sorry if this sounds stupid, but...
 What keeps you from querying the DB on every request, i.e. in a
 custom-built Authen/Authz-handler?
 On a site with a small userbase, the overhead should be neglectable.
 Besides, you can still cache the query results in memory and expire them
 after a certain time.
 Or did I miss something here?
 BTW: There are several modules on CPAN that do what you want (if I did get
 what you want, that is ;)

 Regards,
 Michael.


  I have thought about restarting Apache from time to time, but thinking
there
  must be a "lazier" way with performance consideration.
 
 
  Thanks for any comments or tips.