[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: further modifications to mod_auth_pam.c



Chris Dent writes:
>My modifications allow the
>pam service name to be listed in the .htaccess file[...]

How secure is this practice?  I've noticed that this has been added
to several applications; I have a policy of not putting this capability
in apps that I've pamified for Red Hat Linux because I'm of the opinion
that putting this choice anywhere where users can get at it is a bad
idea.

I can't say that it would be exploitable, but I worry about it.  Have
people been carefully considering this issue before adding this feature
to apps?

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []