This is a re-post of my mail to the suphp mailing list. Although the behaviour described here is a serious design issue, I've never got any feedback.
The attached patch is some kind of "proof of concept" to solve a security related problem I have with suPHP.
Problem: Run script with file/directory owner threatens the user's files.
Since there is no mechanism defined to log the user out of a HTTP authenticated session you have to use a workaround. Most browsers forget their login data once they received a 403 response. The problem is, that the user have to return to the normal starting page manually.
Update 2017-02-22: It seems that this technique doesn't work anymore in recent Firefox and Chrome browsers.
Apache's include directive does not accept wildcards, so something like this won't be allowed:
Include /srv/www/vhosts/*/conf/vhost.conf
You can use mod_perl to realize this. Additionally, the following example does a simple permission check to ensure that the included file has not been modified by an ordinary user:
Some tutorials suggest to use the system properties http.proxyUser and http.proxyPassword to get proxy authentication, but that won't work since - in contrast to http.proxyHost and http.proxyPort - these properties will not be processed by Java's HttpURLConnection.
Other suggest to use a custom default Authenticator. But that's dangerous because this would send your password to anybody who asks.
Wichtiger Hinweis: Dieses "HowTo" ist in erster Linie als Erinnerung für mich selbst gedacht. Wenn ich jemand anderem damit ebenfalls helfen kann freue ich mich, aber aus zeitlichen Gründen kann ich im Moment nur sehr begrenzt Support geben.
Ich betreibe den yaVDR als Client/Server-Anwendung. Im Server befinden sich zwei DVB-S(2)-Karten, der Client im Wohnzimmer ist über das LAN angebunden.