Re: [htdig] Security and access for privat websites


Subject: Re: [htdig] Security and access for privat websites
From: Andreas Vogt (a_vogt@gaia.de)
Date: Sun May 21 2000 - 17:00:00 PDT


Hi malcolm.austen, hi everybody
you wrote me:

> I intend to remove the "other" execute permission on htsearch and force
> all searches to go through a perl wrapper script. That wrapper will
> detect whether the request is coming from inside/outside our domain and
> force restrictions on which config files may be used.
>
> As long as the wrapper script is able to execute htsearch (that's just
> another permissions matter) then I haven't yet found a flaw in the plan.

Well, as far as I see, you can't solve my problem:

Some users are privileged and uses the "private" part of the webserver
from "outside".

So I can't distinguish between inside/outside as criteria for private/
public htsearch.

I should analyse if the "private" users had authorized properly.
But how can I find out in any wrapper script?

Bye
Andreas

------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-unsubscribe@htdig.org
You will receive a message to confirm this.



This archive was generated by hypermail 2b28 : Mon May 22 2000 - 21:58:19 PDT