CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign on a Sub Directory Only

This was originally a security thought, but I'm not sure our reasons are valid anymore. I think our original logic was not wanting users to turn off/on Cosign if an admin had made it on/off for a whole server, but that might be spurious. Other members of the core cosign team feel free to speak up and correct me if there was a more pressing issue and I've just forgotten it. ;)

Did you want to use it in an .htaccess? Does anyone? Is this something people would like to see changed? Anyone have security thoughts on this matter?


On Jul 20, 2004, at 11:11 AM, Phil Pishioneri wrote:

On 7/20/04 11:07 AM, johanna bromberg craig wrote:


have CosignProtected Off in the conf, and then have

<Directory /home/webserver/docs/i_want_to_protect_this>
	CosignProtected On

On the subject of "CosignProtected":

Are there design/security issues in not allowing it to be used in .htaccess files?



Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010