Emulate mod_auth_mysql in nginx?

Josh Turmel jturmel at gmail.com
Sat Mar 21 18:17:18 MSK 2009


Let's not forget about HTTPS, and as far as calling out that a specific HTTP
request method (POST) can you explain further your rationale?

On Sat, Mar 21, 2009 at 5:56 AM, Floren Munteanu <nginx at yqed.com> wrote:

>
>
> > If what you *really* want is a web interface to manage the users, simply
> make (or pay someone to make) a web interface to manage the password
> files.
> Problem solved, no waiting for asynchronous mysql interface.
>
> That is not a viable solution, you know it. Managing sensitive files in a
> web environment is very unsecure, through a web interface. Ya, you can
> create a htpasswd file into /etc/nginx dir for example and do a chmod
> 0700/chown nginx on it. Then, it is secure to stick in there your
> usernames/passwords. But to use PHP or other language to manipulate
> sensitive data through a POST that can get sniffed easy by anyone is simply
> insane, IMO. Not to mention that your file has to be editable by anyone in
> order to have your script write information into it...
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090321/c2d38bc9/attachment.html>


More information about the nginx mailing list