[ic] passwording admin area via Apache

Mike Heins interchange-users@icdevgroup.org
Fri Oct 18 14:02:00 2002


Quoting Stefan Hornburg (Racke) (racke@linuxia.de):
> On Fri, 18 Oct 2002 13:43:36 -0400
> Mike Heins <mike@perusion.com> wrote:
> 
> > 
> > Quoting Dennis Chen (dchen@technicacorp.com):
> > > > Has anyone successfully used Apache authentication to add an 
> > > > additional
> > > > username/password protection on the admin area (and not the customer
> > > > part of the site)?  
> > > > 
> > > > I've been yet unable to use Apache style authentication (having and
> > > > .htaccess file, or a </Directory> section in the httpd.conf file) to
> > > > protect anything other than the entire catalog (by specifying the
> > > > authentication in the cgi-bin directory).
> > > > 
> > > > Thanks for any help,
> > > > Daniel
> > > 
> > > 
> > > I was looking into also that but couldn't figure out a solution so in the end
> > > I just decided to rename my admin/login.html to something else...
> > 
> > It is extremely easy to do in Apache -- and has undoubtedly been put on the
> > mail list many times. Here it is once again:
> > 
> > <LocationMatch /cgi-bin/*/(ui$|admin/)>
> >     AuthUserFile /etc/httpd/conf/htpasswd
> >     AuthGroupFile /etc/httpd/conf/htgroup
> >     AuthName Interchange-Admin
> >     AuthType Basic
> >     <Limit GET POST PUT>
> > 	require group icadmin
> >     </Limit>
> > </LocationMatch>
> 
> But that didn't protect any queries via the virtual process URL issued from
> within the UI.
> 

Which is why I am moving more and more often to this idiom in the
UI:

	<form action="[area admin/page_to_go_to]">
	<input type=hidden name=mv_action value=return>
	....
	</form>

I think you will find there are not that many [process] tags in
the devel UI.  It would be a useful goal to remove them all.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.513.523.7621      <mike@perusion.com>

For a successful technology, reality must take precedence over public
relations, for Nature cannot be fooled. -- Dick Feynman