[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
RE: [mv] newbie: minimate security
****** message to minivend-users from "Alex Melkomukov" <amelkomukov@navi.net> ******
i am still not having any luck. if people log in, then they can't access
the MiniMate link, but if they type in
www.virtualdomain.com/catalog.cgi/config/menu.html (or any other html file)
in their browser, they have full access to the MiniMate editing pages. i
realize i need to learn more about apache and perl (along with MiniVend),
but at this point, i am just trying to get it installed and running
(properly = securely). if there is anybody that could give me some clues or
point me in the right direction, i would be very greatful. my understanding
so far is that i need to deny access without a password to the MiniMate
directories (~/mvend/lib/MiniMate ?) via apache with the .htaccess file:
<LocationMatch /cgi-bin/simple/+(admin|config)>
AuthType Basic
AuthUserFile /home/minivend/users
AuthName "MiniVend Administration"
require valid-user
</LocationMatch>
i am still trying to figure out what the proper LocationMatch should be, i'v
been using variations of /catalog.cgi/+(admin|config), /+(admin|config), and
so on without any luck.
then i need to add the .access, and .access_gate files, etc.
do these two steps function seperately, or in conjunction somehow?
help,
am
> -----Original Message-----
> From: owner-minivend-users@minivend.com
> [mailto:owner-minivend-users@minivend.com]On Behalf Of Stefan Hornburg
> Sent: Monday, March 20, 2000 10:51 AM
> To: minivend-users@minivend.com
> Subject: Re: [mv] newbie: minimate security
>
>
> ****** message to minivend-users from Stefan Hornburg
> <racke@linuxia.de> ******
>
> "Alex Melkomukov" <amelkomukov@navi.net> writes:
>
> > ****** message to minivend-users from "Alex Melkomukov"
> <amelkomukov@navi.net> ******
> >
> > hi all,
> >
> > ok, i'm tearing my hair out here. i have MiniVend 4.02 installed with
> > MiniMate 4.0.0.1 on BSDI 3.1 running Apache 1.3.9 and Perl
> 5.005_02. the
> > installations went fine and MiniVend works fine. i spent some
> time figuring
> > out that the owner needed to be added to the userdb before
> minimate would
> > work, but seems to work fine now. minivend is installed in a
> user's local
> > directory and i am using ~/catalog.cgi/ instead of ~/cgi-bin/
> to access the
> > minivend html pages. i secured the catalogs directory, but
> every time i try
> > to secure the minivend directories following the instructions from
> > www.linuxia.net/minimate, i get completely locked out. if
> somebody could
> > e-mail me off-list and share the specifics of securing the minimate
> > directories (including what my 'LocationMatch' string should be, which
> > directories to protect, where to create the .htaccess file,
> etc.) i would
> > really appreciate it.
>
> I think, MiniMate is properly protected by itself with version 4.0.0.1.
> It lacks in HTTPS support, though.
>
> Ciao
> Racke
>
> --
> LinuXia Systems, eCommerce and more => http://www.linuxia.de/ or
> 0511-3941290.
> Unsere Partner: Cobolt NetServices (http://www.cobolt.net),
> CAPCON Systemhouse
> (http://www.capcon-systemhouse.com), ecoservice gmbh
(http://www.ecoservice.de)
Unser Fokus liegt auf Open-Source-Software (MiniVend, Debian GNU/Linux,
etc.)
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
