|
|
cosign-discuss at umich.edu
|
general discussion of cosign development and deployment
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cosign on a Sub Directory Only
I agree with this notion--control should be in the hands of the
administrator via AllowOverride, if anything.
Phil Pishioneri wrote:
On 7/20/04 5:06 PM, johanna bromberg craig wrote:
This was originally a security thought, but I'm not sure our reasons
are valid anymore. I think our original logic was not wanting users to
turn off/on Cosign if an admin had made it on/off for a whole server,
but that might be spurious. Other members of the core cosign team feel
free to speak up and correct me if there was a more pressing issue and
I've just forgotten it. ;)
Did you want to use it in an .htaccess?
We were thinking of .htaccess usage, possibly for personal web pages,
though I think we came up with an alternative.
Does anyone? Is this something people would like to see changed?
Anyone have security thoughts on this matter?
If "CosignProtected" could be classified as an authorization directive
(I don't know if that would be possible), then an admin could allow its
use by specifying "AllowOverride AuthConfig" as needed.
-Phil
|
|