[plt-scheme] PLT web-server security

From: Grzegorz Chrupała (grzegorz at pithekos.net)
Date: Sat Apr 3 09:41:49 EST 2004

Previous message: [plt-scheme] input from file
Next message: [plt-scheme] hygienic macros
Messages sorted by: [date] [thread] [subject] [author]

Hi all,
I have a few doubts regarding access control with the PLT web-server. I 
run mzscheme 206.1 on Mandrake Linux 9.2. All the files below the 
collects/web-server directory are writable only by user plt-web-server 
and the server is run by this user. 

However, any local user can change the configuration using the web 
interface. On a multi-user system this is undesirable. What is the 
usual approach to ensure that only some user(s) can change the server's 
configuration?

A related issue, I see that the passwords for restricted access realms 
are stored in plain text. Is there a way to store them encrypted, as 
done e.g. by the Apache web server? 

Cheers,
-- 
Grzegorz Chrupała | http://pithekos.net | grzegorzc at jabber.org

Posted on the users mailing list.

Previous message: [plt-scheme] input from file
Next message: [plt-scheme] hygienic macros
Messages sorted by: [date] [thread] [subject] [author]