cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: COSIGN: note: login form action="/"
- To: shanti@xxxxxxxxx
- Subject: Re: COSIGN: note: login form action="/"
- From: kevin mcgowan <clunis@xxxxxxxxx>
- Date: Tue, 23 Mar 2004 09:41:49 -0500
- In-reply-to: <40604B18.email@example.com>
- References: <B46BFD0C-7CC8-11D8-9342-000A95CD7232@umich.edu> <40604B18.firstname.lastname@example.org>
On Mar 23, 2004, at 9:35 AM, Shanti Suresh wrote:
I appreciate your posting that message. Quite detailed
and comprehensive, actually. One small thing that you might
want to consider adding though, for the benefit of
the newbie web-administrators out there, is that weblogin is dedicated
only for the purpose of running the cosign.cgi and authenticating;
i.e. there are no user-directories or any other CGI scripts running.
Am I correct in making this assumption?
Just a thought that struck me because you turn ExecCGI on
at DocumentRoot. So I thought it might help to state
that the whole web-site is pretty trustworthy.
I've forwarded your message to the web archiver so your reply will
appear on the web site (since I agree with you that this is important
to point out).
Now is the reason you're not using "mod_rewrite"
because you included only select modules during
the server-build, so you can keep the httpd-size to the bare minumum?
It is true that we include only select modules during the server build
and that mod_rewrite isn't one of them. I'm not using it here because
I want to keep things as simple as possible. Using cosign.cgi as a
DirectoryIndex seemed, to me, to do the same thing that a rewrite rule
would do and to be more intuitable by an Apache admin. I may very well
be incorrect. :)
People are, of course, free to use mod_rewrite on their weblogin
servers if they choose, but I'm pretty happy with the setup we're