Restarting at the beginning for a moment..
The aim is as follows :

- a user connects to http://foo.com/
- he must be, and gets, authenticated (say as "evilhacker")
- following this, he should have access, and only access, to the documents located under /var/www/usersites/evilhacker/ ,
- so that his next request to say "http://foo.com/mybankpins.html" gives him the document /var/www/usersites/evilhacker/mybankpins.html
- and so that a request to, for instance, http://foo.com/../niceguy/mybankpins.html would not work.
- and if possible, we'd like to do that without having to put a .htaccess in each /var/www/usersites/*, with another Authxxxx & Require zzzz

I suppose this can be done with rewrites, but somehow I have this feeling that it is very easy to make a mistake and leave some door open for evilhacker to get a peek at what he shouldn't.

If I was thinking of this in mod_perl terms, I would think of some solution whereby http://foo.com is a default VirtualHost to which everyone connects at first and authenticates, then when there is a user-id, calls would be redirected to another VirtualHost (*)(**), of which dynamically the DocumentRoot would be set to /var/www/usersites/(his user-id). This way all the embedded paraphernalia of Apache would be playing along to not let that person access something outside of his own DocumentRoot.


Now can some non-mod_perl Apache stuff achieve the same thing ?

(*) or maybe you don't even need that, and can do it all in the same host ?

(**) If it helps, this other VirtualHost might have a "fake" DNS name, only available in the hosts file of the current host, so that people from outside could not directly access it, but it would recognise itself; I'm not quite sure of that one, needs some more thought.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
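
The containment rule the post above asks for, as an added example that is not part of the original message and is not Apache or mod_perl code: the authenticated user id selects the directory, and the requested path is canonicalized before checking that it still lies inside it. The function names, the user-id character set and the temporary directory tree standing in for /var/www/usersites are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Assumption: user ids are restricted to a conservative character set, so the
# id itself can never contain "/" or ".." when used as a directory name.
USER_ID_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def resolve_user_document(base_dir, user_id, request_path):
    """Map (authenticated user, URL path) to a file inside that user's
    directory, or return None if the result would fall outside it."""
    if not user_id or not USER_ID_RE.fullmatch(user_id):
        return None
    if "\x00" in request_path:
        return None
    user_root = os.path.realpath(os.path.join(base_dir, user_id))
    # Strip the leading "/" so join() cannot discard user_root, then
    # canonicalize: realpath collapses ".." and follows symlinks.
    candidate = os.path.realpath(os.path.join(user_root, request_path.lstrip("/")))
    # Containment is checked on the canonical path, component-wise, so
    # "/base/evilhacker2" does not count as being inside "/base/evilhacker".
    if os.path.commonpath([user_root, candidate]) != user_root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed two-user tree and resolve a few sample requests."""
    with tempfile.TemporaryDirectory() as base:
        for user in ("evilhacker", "niceguy"):
            os.makedirs(os.path.join(base, user))
            with open(os.path.join(base, user, "mybankpins.html"), "w") as fh:
                fh.write(user)
        # A symlink planted inside the user's own directory must not escape.
        os.symlink(os.path.join(base, "niceguy"), os.path.join(base, "evilhacker", "peek"))
        requests = ["/mybankpins.html", "/../niceguy/mybankpins.html",
                    "/peek/mybankpins.html", "/missing.html"]
        results = {}
        for path in requests:
            found = resolve_user_document(base, "evilhacker", path)
            results[path] = os.path.relpath(found, os.path.realpath(base)) if found else None
        results["bad user id"] = resolve_user_document(base, "../niceguy", "/mybankpins.html")
        return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request!r:35} -> {outcome}")
```

Only the first request resolves; the `..` path, the symlink into the other user's directory and the malformed user id are all refused on the canonical path rather than on the raw string.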
