Re: Bug#485562: twiki: configure script access badly protected
Olivier Berger wrote:
> *Should be "apache" in all three.*
>
> By "apache user", I mean something which relates to Require user in the
> apache.conf section of the 'configure' script... of course, this assumes
> that it's running apache and no other web server ;)
>
> In any case, that's meant to differenciate from "TWiki users", which are
> managed "inside twiki".
I'm still not quite convinced by the expression "apache user", but I
can't decide what alternative I'd suggest.
The trouble with "apache user" is that it might mean the local
system's www-data, or maybe the owner of the computer, rather than
a browser-user authenticated via mod_auth_basic...
_Description: User allowed access to 'configure' script
Please enter the name of the **** user who will be allowed
to run the configure script at ${site}/cgi-bin/configure.
_Description: Password for ${configuser}:
Please enter the password of the **** user who will be allowed
to run the configure script at ${site}/cgi-bin/configure.
Where "****" is... "HTTP"? "authenticated"? "htpasswd"?
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: