Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
Reload this Page Integrate VB security with Apache
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 08-17-2001, 05:46 AM
Pilot Pilot is offline
 
Join Date: Oct 2001
Posts: 59
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It would sometimes be useful if rather the VB usernames/passwords could be stored in a form readable by the Apache .htaccess access control so that you could protect non-VB areas of your website so that only registered users could access them, using the same id/password.

So I guess this would mean issuing a htpasswd command when a user registered, or periodically doing this for users in the database. Some sites use http authentication for their large user communities - I don't quite know how they do it- can you get Apache to call external routines to authenticate users?
Reply With Quote
  #2  
Old 08-17-2001, 11:30 AM
thewitt's Avatar
thewitt thewitt is offline
 
Join Date: Oct 2001
Location: Maine
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You have a few options that come to mind immediately.

1) Run a periodic script that extracts the usernames and passwords from the vB database and creates your password file for use by .htaccess. Simple, but not real time.

2) Modify (hack) vB to generate a new entry in your .htaccess password file whenever a new user is added to vB (password changed, etc). Will be seen as the user as real time - he gets a vB account on the system, he can use the other authenticated portions of the site.

3) Extend Apache with a new mod_auth_vB module that would read the vB database. It is open source, so you could modify one of the other authentication modules to simply read from vB's schema.

The problem with #3 is that the vB password is currently stored as plain text, so you are at risk on a shared server to opening up your entire website if you use the passwords stored there as your website passwords. Of course if you can modify Apache on your server you are not likely on a shared server anyway...

I guess this risk applies to #1 and #2 as well should anyone hack your vB password list .

I'm not a proponent of plain text passwords anywhere as you might be able to tell.

It would not be difficult to do #1 or #2 (you'll probably want both to populate your password file initially anyway), and if passwords are ever stored secured by default in vB, #3 would be a great addition for folks with dedicated servers.

-t
Reply With Quote
  #3  
Old 08-17-2001, 03:11 PM
Pilot Pilot is offline
 
Join Date: Oct 2001
Posts: 59
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Well they are all beyond my ability at the present time, but maybe someone here might have a go as a hack at #1 or #2.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:15 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04004 seconds
  • Memory Usage 2,167KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete