Re: Cosign on a Sub Directory Only

[johanna bromberg craig <canna@xxxxxxxxx>]

This was originally a security thought, but I'm not sure our reasons 
are valid anymore. I think our original logic was not wanting users to 
turn off/on Cosign if an admin had made it on/off for a whole server, 
but that might be spurious. Other members of the core cosign team feel 
free to speak up and correct me if there was a more pressing issue and 
I've just forgotten it. ;)

Did you want to use it in an .htaccess? Does anyone? Is this something 
people would like to see changed? Anyone have security thoughts on this 
matter?

Thanks,
J


On Jul 20, 2004, at 11:11 AM, Phil Pishioneri wrote:

> On 7/20/04 11:07 AM, johanna bromberg craig wrote:
>
> > sure!
> >
> > have CosignProtected Off in the conf, and then have
> >
> > <Directory /home/webserver/docs/i_want_to_protect_this>
> > 	CosignProtected On
> > </Directory>
>
> On the subject of "CosignProtected":
>
> Are there design/security issues in not allowing it to be used in 
> .htaccess files?
>
> -Phil
>
>
>
>
> !DSPAM:40fd3678284352399318145!