Inets httpd and script security
Heinrich Venter
heinrich@REDACTED
Fri Nov 11 13:47:27 CET 2005
Hi
I have been playing around with inets:httpd and it is doing what I want.
The question now is how do I secure script execution?
I have the follwing in my config file
ErlScriptAlias /handler config
<Directory /handler/config>
AuthDBType=plain
AuthUserFile /tmp/passwd
AuthName Configuration
require user administrator
</Directory>
In other words, I have a module called config in the code path of my
application. If I get a request for
http://my.server:8888/handler/config/queues it will execute the function
config:queues/2
It does not execute the authorisation however. Since there is no
physical directory called handler I have nowhere to put an .htaccess
file. That is why I am trying to put the auth configuration in the main
config file.
Is this the way to secure script execution, or am I barking up the wrong
tree?
-]-[einrich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20051111/8452d1e6/attachment.htm>
More information about the erlang-questions
mailing list