CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment


Re: Cosign on a Sub Directory Only

I agree with this notion--control should be in the hands of the administrator via AllowOverride, if anything.

Phil Pishioneri wrote:
On 7/20/04 5:06 PM, johanna bromberg craig wrote:

This was originally a security thought, but I'm not sure our reasons are valid anymore. I think our original logic was not wanting users to turn off/on Cosign if an admin had made it on/off for a whole server, but that might be spurious. Other members of the core cosign team feel free to speak up and correct me if there was a more pressing issue and I've just forgotten it. ;)

Did you want to use it in an .htaccess?

We were thinking of .htaccess usage, possibly for personal web pages, though I think we came up with an alternative.

Does anyone? Is this something people would like to see changed? Anyone have security thoughts on this matter?

If "CosignProtected" could be classified as an authorization directive (I don't know if that would be possible), then an admin could allow its use by specifying "AllowOverride AuthConfig" as needed.


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010