Solved

security

Posted on 1997-11-27
1
374 Views
Last Modified: 2013-12-26
How would I go about setting up a password protected area on our website?  It is hosted by an ISP and the machines are UNIX based.  Do I go to the ISP or is it something I can do on my end?
Thank you!  
0
Comment
Question by:kzc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
df020797 earned 100 total points
ID: 1295694
There is a builtin auth method in most webservers called HTAccess. This can be fully administered by yourselves.

Its works like this:

In the directories you want to protect you put a .htaccess file which states in what file passwords and users can be found, in what file groups can be found and what auth method shall be used

Example of .htaccess file:
AuthUserFile /home/mycompany/public_html/secret/.htpasswd
AuthGroupFile /home/mycompany/public_html/secret/.htgroup
AuthName Username
AuthType Basic

<Limit GET>
Require group mygroup
</Limit>

This .htaccess file will authenticate that a user types the right password and belongs to the right group to be able to www-wise enter /home/mycompany/public_html/secret. A dialogue box is automatically showed when a user tries to enter te URL and before he can get any of the content he have to type a correct user and password.

Example of .htpasswd file:
user1:kdjeölsd.opwJk
etc

where user is a userid and the field after : is an Unix encryoted password

Example of .htgroup file:

mygroup: user1
mygroup: user2
etc

Of course you can use multiple password files and group files for different directories/URL:s you want to protect. Its done by typing a path to the prefered passwd file and group file in the .htaccess file. As I said there must live a .htaccess file in all URL:s/directories to be protected.

If you want to centralize the administration of the passwords and groups you use just one passwd file and group file and one .htaccess file, but symlinks .htaccess in all URL:s/directories that you want to protect.

Encryption programs to encrypt passwords can easily be written in C or Perl. Maybe even your ISP has programs ready for this.
Otherwise I happily write one for you

//Patrik

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here is how to use MFC's automatic Radio Button handling in your dialog boxes and forms.  Beginner programmers usually start with a OnClick handler for each radio button and that's just not the right way to go.  MFC has a very cool system for handli…
Introduction: The undo support, implementing a stack. Continuing from the eigth article about sudoku.   We need a mechanism to keep track of the digits entered so as to implement an undo mechanism.  This should be a ‘Last In First Out’ collec…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question