Emulate mod_auth_mysql in nginx?
merlin at mahalo.com
Sun Mar 22 09:45:18 MSK 2009
On Sat, Mar 21, 2009 at 3:56 AM, Floren Munteanu <nginx at yqed.com> wrote:
> > If what you *really* want is a web interface to manage the users, simply
> make (or pay someone to make) a web interface to manage the password
> Problem solved, no waiting for asynchronous mysql interface.
> That is not a viable solution, you know it.
It is certainly a viable solution as Manilo indicates.
> Managing sensitive files in a
> web environment is very unsecure, through a web interface.
No more insecure than managing sensitive data through a web interface - in
either case you'll want SSL on top for any semblence of security.
> Ya, you can
> create a htpasswd file into /etc/nginx dir for example and do a chmod
> 0700/chown nginx on it. Then, it is secure to stick in there your
> usernames/passwords. But to use PHP or other language to manipulate
> sensitive data through a POST that can get sniffed easy by anyone is simply
> insane, IMO.
They can monitor the same POST requests to manage users in the database -
it's no more secure. As I said above, you'll want to place SSL on top, for
Not to mention that your file has to be editable by anyone in
> order to have your script write information into it...
Not really, it just needs to be editable by the user PHP is running as
(which I can control). Alternatively, the PHP could make requests to some
other service listening on localhost for insertion/removal from the file.
There's a million ways to skin a cat; however, personally if I'm gonna use
htpasswd authentication, I just manage it with htpasswd (sometimes
indirectly in bash scripts). Simple machines, for the win!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx