MiniVend Akopia Services


Suggestion for MiniMate security



After hearing all of the problems people are having, I suggest this:

In catalog.cfg:

# Or whatever you want it to be
RemoteUser   minivend

# Or whatever you want it to be
Password     CHANGE
Variable     MV_NO_CRYPT  1

Then create a zero-length .access file in all protected directories.

    rm mvend/lib/MiniMate/pages/config/.access
    rm mvend/lib/MiniMate/pages/admin/.access
    touch mvend/lib/MiniMate/pages/config/.access
    touch mvend/lib/MiniMate/pages/admin/.access

And finally, put this in your .access_gate files in those directories:

*: [perl arg="config" INTERPOLATE=1]
        return 1 if $Safe{config}{RemoteUser} eq q{[data session username]};
        return 0;
    [/perl]

This should work across multiple catalogs and not require using
the internal web server.

IMPORTANT NOTE: It is not nearly as tested as HTTPD basic authorization,
which is easy to set up. I recommend using this for Apache instead:

<Location /cgi-bin/simple/admin>
AuthUserFile /home/httpd/htpasswd
AuthGroupFile /home/httpd/htgroup
AuthName MVadmin
AuthType Basic
# No <Limit GET POST> wrapper: require then applies to every HTTP method,
# not only GET and POST.
require valid-user
</Location>

<Location /cgi-bin/simple/config>
AuthUserFile /home/httpd/htpasswd
AuthGroupFile /home/httpd/htgroup
AuthName MVadmin
AuthType Basic
# No <Limit GET POST> wrapper: require then applies to every HTTP method,
# not only GET and POST.
require valid-user
</Location>

-- 
Mike Heins                          http://www.minivend.com/  ___ 
                                    Internet Robotics        |_ _|____
                                    131 Willow Lane, Floor 2  | ||  _ \
It's a little-known fact            Oxford, OH  45056         | || |_) |
that the Y1K problem caused         <mikeh@minivend.com>     |___|  _ <
the Dark Ages. -- unknown           513.523.7621 FAX 7501        |_| \_\
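
Added example, not part of the original message or of MiniVend: a small Python check for Apache fragments like the one above. It reports any protected <Location> that lacks AuthType or require, any require that sits inside a <Limit> section (where it covers only the listed methods), and any expected path with no block at all. The function name and the sample input are constructed for illustration.

```python
import re

# Constructed sample input modelled on the Apache fragment in the message.
SAMPLE = """\
<Location /cgi-bin/simple/admin>
AuthName MVadmin
AuthType Basic
<Limit GET POST>
    require valid-user
</Limit>
</Location>
<Location /cgi-bin/simple/config>
AuthName MVadmin
AuthType Basic
require valid-user
</Location>
"""

def audit(conf, required_paths):
    """Return sorted (path, finding) pairs for an Apache config fragment."""
    findings, seen = [], set()
    path = limit = None
    auth = req = False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Location\s+"?([^\s">]+)"?\s*>', line, re.I)
        if m:  # entering a protected-path block: reset per-block state
            path, limit, auth, req = m.group(1), None, False, False
            seen.add(path)
        elif path is None:
            continue
        elif re.match(r"</Location>", line, re.I):
            if not auth:
                findings.append((path, "no AuthType"))
            if not req:
                findings.append((path, "no require directive"))
            path = None
        elif (m := re.match(r"<Limit\s+([^>]+)>", line, re.I)):
            limit = m.group(1).upper().split()
        elif re.match(r"</Limit>", line, re.I):
            limit = None
        elif re.match(r"AuthType\s+\S", line, re.I):
            auth = True
        elif re.match(r"require\s+\S", line, re.I):
            req = True
            if limit:  # auth is enforced only for the listed methods
                findings.append((path, "require limited to " + " ".join(limit)))
    findings += [(p, "no <Location> block") for p in required_paths if p not in seen]
    return sorted(findings)
```

Call `audit()` with the text of the relevant httpd configuration and the list of MiniMate URL paths that must be protected; an empty list means every path has a block with AuthType and an unrestricted require.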

