Re: COSIGN: note: login form action="/"

[kevin mcgowan <clunis@xxxxxxxxx>]

On Mar 23, 2004, at 9:35 AM, Shanti Suresh wrote:

> Hi Kevin,
>
> I appreciate your posting that message.  Quite detailed
> and comprehensive, actually.  One small thing that you might
> want to consider adding though, for the benefit of
> the newbie web-administrators out there, is that weblogin is dedicated
> only for the purpose of running the cosign.cgi and authenticating; 
> i.e. there are no user-directories or any other CGI scripts running.
> Am I correct in making this assumption?
> Just a thought that struck me because you turn ExecCGI on
> at DocumentRoot.  So I thought it might help to state
> that the whole web-site is pretty trustworthy.

I've forwarded your message to the web archiver so your reply will 
appear on the web site (since I agree with you that this is important 
to point out).

> Now is the reason you're not using "mod_rewrite"
> because you included only select modules during
> the server-build, so you can keep the httpd-size to the bare minumum?

It is true that we include only select modules during the server build 
and that mod_rewrite isn't one of them.  I'm not using it here because 
I want to keep things as simple as possible.  Using cosign.cgi as a 
DirectoryIndex seemed, to me, to do the same thing that a rewrite rule 
would do and to be more intuitable by an Apache admin.  I may very well 
be incorrect. :)

People are, of course, free to use mod_rewrite on their weblogin 
servers if they choose, but I'm pretty happy with the setup we're 
using.

Kevin