[TriLUG] ot: password protect a url with a querystring
Scott Lundgren
trilug at capitalfellow.com
Tue May 31 15:50:20 EDT 2005
I'm pretty sure I'm crazy but sometimes it's good to ask others just to
make sure. I'm setting up awstats (http://awstats.sf.net) for a number of
groups.
I choose awstats because these groups are generally non-technical and
awstats navigation when run as a cgi tested well for user-friendliness
with them. As such a user would access their stats at:
webstats.example.com/cgi-bin/awstats.pl?config=group1
webstats.example.com/cgi-bin/awstats.pl?config=group2
webstats.example.com/cgi-bin/awstats.pl?config=group3
etc
However each group could see each other's statistics simply by guessing
and changing the query string. Ordinarily I would solve this by setting up
a mod_rewrite to something like
webstats.example.com/group1
with an appropriate .htaccess file mapped to that now virtual location.
However I'm not allowed to use mod_rewrite (long story).
Is there another way that once I authenticate a user to a uRL like
webstats.example.com/cgi-bin/awstats.pl
I can prevent the group1 user from accessing
webstats.example.com/cgi-bin/awstats.pl?config=group2
thank you for the spare brain cells mine are done cooked,
Scott
More information about the TriLUG
mailing list