Mailing List Archive




Simon Kershaw (Simon.Kershaw@Smallworld.co.uk)
Thu, 3 Apr 97 11:08:35 BST


Date: Thu, 3 Apr 97 11:08:35 BST
From: Simon Kershaw <Simon.Kershaw@Smallworld.co.uk>
Message-Id: <9704031008.AA10748@fowey.Smallworld.co.uk>
Subject: Re: [mSQL] w3-auth

"A. R. M." wrote:

> My sentiments exactly! I find mSQL to be a great tool. Having developed
> quite a few Lite-enhanced pages (which work absolutely beautifully), I'm
> ready to implement w3-auth but when I initially ran access.conf when I was
> testing the engine, back a couple of months ago, I got error messages
> accessing the data, so I'm running it now without ACL. It's still in the
> testing stage, so I don't worry about security.
> I do need pretty soon though to implement some sort of authorization
> (read / write).

access.conf controls which users can access the database via msqld. It
trusts users to tell the truth as to who they are. When using mSQL via
the WWW only the user who is running the cgi script accesses the db,
and if msqld and httpd are on the same machine no remote access is
required. As a minimum if this is how you are working you should
disable remote access.

w3-msql always checks in its own database to see if a particular access
to the database is allowed. If there is no access database then all
access is allowed (as controlled by access.conf). You can use w3-auth
to set up the access database which contains user names and passwords
of WWW users; it allows you to organize them into groups and to allow
these groups access to different areas of different databases.

As supplied (at mSQL 2b5) w3-auth and Apache (1.2b7) will not work
together, but, as I have noted earlier, by altering one line in Apache
you can make them work. What we have still to collectively
work out though is how to set up groups and how this relates to areas
and bits of databases. It really shouldn't be too hard by trial and
error and by looking at the w3-msql source code to work this out, but I
for one haven't yet got round to doing so. Perhaps someone else would
like to have a go. When done we can all help David by writing the
w3-auth documentation for him!

As for David's priorities, I don't think writing the w3-auth docs and
getting it working are at the top. I would much rather he worked on
msqld itself, and only when that is nearly ready for full release
should he worry about w3-auth -- this is beta code after all folks.

-- 
Simon Kershaw
Simon.Kershaw@Smallworld.co.uk   (work)   Cambridge  Not speaking
sjk@kershaw.demon.co.uk          (home)   England    for Smallworld
        http://www.kershaw.demon.co.uk