Emulate mod_auth_mysql in nginx?

Floren Munteanu nginx at yqed.com
Sat Mar 21 13:56:21 MSK 2009

> If what you *really* want is a web interface to manage the users, simply
make (or pay someone to make) a web interface to manage the password files. 
Problem solved, no waiting for asynchronous mysql interface.

That is not a viable solution, you know it. Managing sensitive files in a
web environment is very unsecure, through a web interface. Ya, you can
create a htpasswd file into /etc/nginx dir for example and do a chmod
0700/chown nginx on it. Then, it is secure to stick in there your
usernames/passwords. But to use PHP or other language to manipulate
sensitive data through a POST that can get sniffed easy by anyone is simply
insane, IMO. Not to mention that your file has to be editable by anyone in
order to have your script write information into it...

More information about the nginx mailing list