RE: secure way for users webpage uploads

To: <debian-isp@lists.debian.org>
Subject: RE: secure way for users webpage uploads
From: "Joaquin Ferrero" <explorer@pucela.net>
Date: Mon, 17 Jul 2000 18:57:40 +0200
Message-id: <[🔎] LOBBJLMKDMEBICAJNPOHAEGNCEAA.explorer@pucela.net>
In-reply-to: <Pine.LNX.4.10.10007171859230.14936-100000@s01.unitech.nl>

> -----Mensaje original-----
> De: A. Vije [mailto:linuxinfo@linuxinfo.nl]
> Enviado el: lunes, 17 de julio de 2000 19:02
> Para: Joaquin Ferrero
> Asunto: RE: secure way for users webpage uploads
>
>
> I`m sorry to bother you but since i soon have to manage a complete set of
> webservers i have some questions for you:
>
> Are you using mysql also for user authentication when the logon?
> if so: do you know some documentation that covers these settings?
>
> On Mon, 17 Jul 2000, Joaquin Ferrero wrote:
> > I use proftpd with mysql users auth:
> >
> > /etc/proftpd.conf:
> > --------------------------------------------------
> > <Directory /*>
> >   AllowOverwrite                on
> >   HideNoAccess
> >   HideUser      root
> >   HideGroup  root
> >   <LIMIT READ>
> >         IgnoreHidden on
> >   </LIMIT>
> > </Directory>
> >
> > DefaultRoot ~/public_html users,!www
> >
> > MySQLInfo localhost webuser epf83hjr http_auth
> > SQLUserTable mysql_auth
> > SQLUsernameField username
> > SQLPasswordField passwd
> > SQLEncryptedPasswords on
> > --------------------------------------------------
> >
> > The most important:
> >
> > DefaultRoot ~/public_html users,!www
> >
> > permit users (group users) view yours public_html, and no more.
> > And administrators (group www) can view others dirs.
> >
> >
> >     Joaquin Ferrero
> >     explorer@pucela.net
> >


I use mysql for:

	1. Imap authetication via pam (with pam_mysql)

	/etc/pam.d/imap:

	auth	required	pam_mysql.so host=localhost database=http_auth user=webuser password=epf83hjr table=mysql_auth usercol=username
passwordcol=passwd crypt=n

	2. Ftp (proftpd) with the sample mailed

	3. Web (apache), with /etc/apache/http.conf:
	---------------------------------------------------
	LoadModule auth_mysql_module /usr/lib/apache/1.3/mod_auth_mysql.so
      <Directory /home/atari/public_html/pruebas>
      	Auth_MySQL_Password_Table mysql_auth
            Auth_MySQL_Encrypted_Passwords on
      </Directory>
	# Autenticación por mysql
	Auth_MySQL_Info localhost webuser epf83hjr
	Auth_MySQL_General_DB http_auth
	---------------------------------------------------
	This authetication is for dirs with .htaccess files


Really, with pam_mysql can authenticate many services...

Web address...
	web:
	http://www.mysql.com/downloads/contrib.html
	mysql:
	http://bourbon.netvision.net.il/mysql/mod_auth_mysql/
	pam_mysql:
	https://sourceforge.net/projects/pam-mysql/ (not supported!!)


But is not easy...

I needed edit & compile the pam_mysql v0.2 (because I dont like your auth system).
And edit & compile the proftpd package, because the standard proftpd distribution dont have mysql & pam support.
And download the mysql & pam sources (I needed yours libs for the previous compiles).

TODO:

sendmail+mysql...
	http://sendmail.jacked-in.org/

but have patchs very, very large :(


    Joaquin Ferrero
    explorer@pucela.net

Reply to:

Follow-Ups:
- only POP3
  - From: Aubert Gabor <aboy@d-eyes.pganet.com>

Prev by Date: RE: secure way for users webpage uploads
Next by Date: only POP3
Previous by thread: RE: secure way for users webpage uploads
Next by thread: only POP3
Index(es):
- Date
- Thread