[thelist] Root and .htaccess

Keith cache at dowebscentral.com
Tue Jul 22 00:13:57 CDT 2003


At 11:58 PM Monday 7/21/2003, you wrote:
>I'll say this again and I should have expected this but - this is not
>the system I would design or keep and I'm not looking for suggestions on
>how to improve it. Going forward I am not going to use .htaccess at all
>so any suggestions to that end are wasted.

You framed it as *as the current system is right now*. Well, you ARE using 
htaccess now.

>It was kind of a loaded
>question (sorry) but the answer I wanted is just as I presented and it
>is valid for me just as I described it, I swear. Basically a question of
>system security and data normalcy if you want to break it down. Try to
>take the question at face value if you can.

At face value you really only have one question, to give the root password 
to A) one or to B) many. The rest of it about who enters it in a local 
spreadsheet is an office management question.

I stand by the answer. If you want to suspect employees when things go 
wrong, give it to B) many, otherwise give it to A) only principals and the 
superuser employee. Between those two choices I of course pick B (I happen 
to like being sued by employees for wrongful discharge, but that's another 
story).

I went on to point out that the htaccess system is designed to not use the 
Operating System's password file (because it requires root access) by 
allowing you to route to password files that do not require root.  To use a 
password file other than the System's, you need to somehow encrypt the 
password. Perl is the easiest way to do that.

You didn't say that you are not allowed to consider a 15-minute alternative 
for turning a serious security problem into no security problem. Sorry for 
being so presumptuous.



Keith
====================
cache at dowebscentral.com
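
The step the message describes (hashing a password in Perl for a password file that does not need root), as an added example that is not part of Keith's message. The sub names are illustrative, and the script assumes a Unix host with /dev/urandom and a crypt() that accepts the traditional two-character salt.

```perl
#!/usr/bin/perl
# Added example: print one "user:hash" line for an Apache AuthUserFile.
# Assumes a Unix host with /dev/urandom and a crypt() that accepts the
# traditional two-character salt. Sub names are illustrative.
use strict;
use warnings;

# The 64 characters allowed in a crypt() salt.
my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

sub random_salt {
    # Use the kernel CSPRNG; rand() is predictable.
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!\n";
    my $bytes;
    (read($fh, $bytes, 2) // 0) == 2 or die "short read from /dev/urandom\n";
    close($fh);
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $bytes;
}

sub htpasswd_line {
    my ($user, $password) = @_;
    die "bad user name\n" if $user eq '' or $user =~ /[:\s]/;
    my $hash = crypt($password, random_salt());
    die "crypt() rejected the salt on this platform\n"
        unless defined $hash and length($hash) == 13;
    return "$user:$hash";
}

sub password_matches {
    # Re-hash with the stored hash as the salt and compare.
    my ($line, $password) = @_;
    my (undef, $hash) = split /:/, $line, 2;
    my $candidate = crypt($password, $hash);
    return defined $candidate && $candidate eq $hash;
}

my $user = shift(@ARGV) // die "usage: $0 USER < password-on-stdin\n";
my $password = <STDIN>;
die "no password on stdin\n" unless defined $password;
chomp $password;
die "empty password\n" if $password eq '';
warn "warning: traditional crypt() ignores characters after the 8th\n"
    if length($password) > 8;

my $line = htpasswd_line($user, $password);
die "self-check failed\n" unless password_matches($line, $password);
print "$line\n";
```

Append the printed line to the file named by `AuthUserFile`, kept outside the document root and readable by the web server's account. On current Apache, `htpasswd -B` writes a bcrypt entry and is the stronger choice than traditional crypt().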