Inets httpd and script security

Heinrich Venter <>
Fri Nov 11 13:47:27 CET 2005


Hi
 
I have been playing around with inets:httpd and it is doing what I want.
The question now is how do I secure script execution?
 
I have the follwing in my config file
 
ErlScriptAlias /handler config
 
<Directory /handler/config>
AuthDBType=plain
AuthUserFile /tmp/passwd
AuthName Configuration
require user administrator
</Directory>
 
In other words, I have a module called config in the code path of my
application.  If I get a request for
http://my.server:8888/handler/config/queues it will execute the function
config:queues/2
It does not execute the authorisation however.  Since there is no
physical directory called handler I have nowhere to put an .htaccess
file.  That is why I am trying to put the auth configuration in the main
config file.
Is this the way to secure script execution, or am I barking up the wrong
tree?
 
-]-[einrich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20051111/8452d1e6/attachment.html>


More information about the erlang-questions mailing list