authorization based on file system ACL
A while back I posted a question on the list regarding the existence of an Apache module that did authorization based on file system ACL. I didn't get any responses, and being unable to find anything like that, ended up developing one myself. If anyone's interested, it's available from: http://www.csupomona.edu/~henson/www/projects/mod_authz_fsacl If you try it out, I'd appreciate any feedback you might provide... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768
Re: Apache modification questions
Hi, A post doesn't normally have anything in the > QUERY_STRING. Rather a POSTed form has the stuff > being sent in the request body, which is read from > STDIN by a script. QUERY_STRING is still available > for use. Consider this form: > > form method=post action=myscript.cgi > input name=emailaddress > > The "emailaddress" input would NOT appear > in QUERY_STRING, but rather would appear to > the script as STDIN, or to another module as > the request body. You can still do: > > form method=post action=myscript.cgi?id=reallyunique > input name=emailaddress U yeah you are right, I am not thinking. Cheers, Andrej
Re: Apache modification questions
> This is a bit awkward since the QUERY_STRING in POST > can be anything, for example an XML-documents. .. > Though, how should I deal with, for example, an > XML-document in a POST requests? Where should I > "hide" the transaction identifier? A post doesn't normally have anything in the QUERY_STRING. Rather a POSTed form has the stuff being sent in the request body, which is read from STDIN by a script. QUERY_STRING is still available for use. Consider this form: form method=post action=myscript.cgi input name=emailaddress The "emailaddress" input would NOT appear in QUERY_STRING, but rather would appear to the script as STDIN, or to another module as the request body. You can still do: form method=post action=myscript.cgi?id=reallyunique input name=emailaddress -- Ray Morris