
Re: [cobalt-users] Password Authenticated Sites (Methods)



Well, I've used .htaccess/.htpasswd before to protect my own stuff, but I've
never heard of it being used for a production site (online store selling
subscriptions to protected content).  At some point all that authentication
and unique ID stuff is going to start clogging up the works.

Right now I'm playing catch-up on compiling in the auth_ldap module for
Apache (non-trivial stuff for me--damn NT/Winblows--it's been a long long
time since I even installed something from sources), and using a directory
server to support all authentication requests.  To test this out, I'll be
using a directory server (which is on another machine entirely).
I don't know of anything as whup-ass fast as an LDAP server for handling
authentication requests, so done right, it's wicked fast. In fact, it's so
fast that unless you're handing out immutable username/password combinations
you can bet people are going to run dictionaries against you and track
successful logins (subscribers/customers are boneheads, and use the same
passwords everywhere).  The upside to it is that these incursions are rarely
going to impact the ability of the box to serve pages because LDAP is
extremely fast and the information volume is minuscule.  Combine that with
almost no HD access on the machine serving webpages, and then the only
problems come from re-indexing (it always takes longer to write/re-index
directory entries than it does to read them) on the other server whenever
a new uid is added to a cn.

The module I'm currently looking at is mod_ldap.c, located at
http://kie.berkeley.edu/people/jmorrow/mod_ldap

I hope this provides you with some minor insight into an alternative.  The
documentation in the above link explains how to implement the tag for
protecting a directory tree.  Good stuff.


----- Original Message -----
From: Tarren <tarren@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, July 21, 2000 12:05 PM
Subject: [cobalt-users] Password Authenticated Sites (Methods)


> Dear all,
>
> I know well the standard .htaccess/.htpasswd method of protecting a site,
> but have been advised that this can be slow and inefficient if a large
> number of users are added.
>
> With the Cobalt RaQ3i, as it stands, without re-compiling Apache or
> "breaking" anything, are there any better methods that can be employed?
> Perhaps via PostgreSQL, MySQL or DBM or something?
>
> Can anyone advise? Perhaps someone has already done this without radically
> changing the RaQ or "invalidating the warranty".
>
> Does anyone have any resources that they could point me towards?
>
> Regards,
>
> Tarren.
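Added example, not part of the original messages: the reply above notes that a fast authentication backend invites dictionary runs, so this sketch shows one way to spot them in a web server access log. It assumes Common Log Format, a threshold of five 401 responses per client within 60 seconds, and constructed sample lines; the function names and the `/members/` path are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident authuser [time] "request" status bytes
LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"[^"]*" (?P<status>\d{3}) \S+')

def find_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag client IPs with >= threshold 401s inside `window`, and record any
    username that then authenticates from the same IP while the burst is live."""
    recent = defaultdict(deque)          # ip -> timestamps of recent 401s
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                     # skip lines that are not CLF
        ip, user, status = m["ip"], m["user"], m["status"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        while q and ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if status == "401":
            q.append(ts)
            if len(q) >= threshold:
                hit = flagged.setdefault(ip, {"failures": 0, "succeeded_as": []})
                hit["failures"] = max(hit["failures"], len(q))
        elif status.startswith("2") and user != "-" and ip in flagged and q:
            if user not in flagged[ip]["succeeded_as"]:
                flagged[ip]["succeeded_as"].append(user)
    return flagged

def _line(ip, user, sec, status):        # builds one constructed log line
    return (f'{ip} - {user} [21/Jul/2000:12:05:{sec:02d} +0000] '
            f'"GET /members/ HTTP/1.0" {status} 512')

# Constructed sample: one client failing six times then succeeding, and one
# subscriber who mistypes a password once.
SAMPLE = [_line("203.0.113.7", "alice", s, 401) for s in range(0, 12, 2)]
SAMPLE += [_line("198.51.100.20", "bob", 13, 401),
           _line("203.0.113.7", "alice", 14, 200),
           _line("198.51.100.20", "bob", 20, 200)]

if __name__ == "__main__":
    for ip, hit in find_guessing(SAMPLE).items():
        print(ip, hit)
```

An account listed under `succeeded_as` is a candidate for a forced password change, since the successful login arrived in the middle of a failure burst from the same address.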