CoSign: Collaborative Single Sign-On  
AnnouncementsDiscussion
 
 
home
download
build
overview
wiki
faq
filter
roadmap
license

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign on a Sub Directory Only

This was originally a security thought, but I'm not sure our reasons are valid anymore. I think our original logic was not wanting users to turn off/on Cosign if an admin had made it on/off for a whole server, but that might be spurious. Other members of the core cosign team feel free to speak up and correct me if there was a more pressing issue and I've just forgotten it. ;)

Did you want to use it in an .htaccess? Does anyone? Is this something people would like to see changed? Anyone have security thoughts on this matter?

Thanks,
J


On Jul 20, 2004, at 11:11 AM, Phil Pishioneri wrote:

On 7/20/04 11:07 AM, johanna bromberg craig wrote:

sure!

have CosignProtected Off in the conf, and then have

<Directory /home/webserver/docs/i_want_to_protect_this>
	CosignProtected On
</Directory>


On the subject of "CosignProtected":

Are there design/security issues in not allowing it to be used in .htaccess files?

-Phil




!DSPAM:40fd3678284352399318145!


 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010