I am using .htaccess authentication for my website and setting the default.cfg to no-authentication=1 and giving default permissions of 1,1,1,1,0. It seems to be working the same as if using the default.pass file. Do you see any potential problems with this setup? I don't know how to limit access for whole directories using DBMan. My understanding is that the authentication in DBMan is just for access to the database and not for directories.

Well, the major problem is that it would take a lot of tweaking to create the .htpasswd file to mirror the format of the .pass file.
So, I don't think it will work. You will still have to use the .pass file to authenticate users to access the database file to add, delete, and modify records.

What I have done is use .htaccess to protect the database, password, auth sesssions (auth), and log files in a different directory than where the index.cgi, html.pl, and default.cfg files are located.

Hope this info helps.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited August 04, 1999).]

[This message has been edited by Eliot (edited August 04, 1999).]

I think your idea would work pretty well, hugh. You are correct that the DBMan authentication only works for the database and not for directories.

The auth.pl file allows you to use .htaccess to log in, but I'm not really sure how it works. I don't know if you have to add the password to the .pass file or not.

I think that if you set $auth_no_authentication =1, though, it would work fine. Except that you wouldn't be able to log on as an admin.



------------------
JPD