[freeside] User Authentication Setup
ivan
ivan at 420.am
Tue Jul 10 23:55:48 PDT 2001
On Wed, Jul 11, 2001 at 02:44:20PM +0930, David Lloyd wrote:
>
> Hi There!
>
> I've managed to get Freeside running, however I have an issue:
>
> If I have an agent "basic agent", how does one stop "basic agent" from
> fiddling with the administration settings?
Agents are orthoginal to users.
> - running a separate page without those settings on doesn't seem secure
> enough to me
> (i.e. I could authenticate as the real user, setup a trojan freeside
> on my own web servers and so on...)
>
> - specifically, it looks as though once a user is authenticated they
> have full administration rights; a clerk at the desk, for example, could
> invent an unlimited download plan with no costs with the click of a few
> buttons
Freeside does not attempt to enforce this sort of internal policy.
You can use the normal Apache authentication methods to restrict access at
the page or directory level:
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication
--
meow
_ivan
More information about the freeside-users
mailing list