Solved

security

Posted on 1997-11-27
1
368 Views
Last Modified: 2013-12-26
How would I go about setting up a password protected area on our website?  It is hosted by an ISP and the machines are UNIX based.  Do I go to the ISP or is it something I can do on my end?
Thank you!  
0
Comment
Question by:kzc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
df020797 earned 100 total points
ID: 1295694
There is a builtin auth method in most webservers called HTAccess. This can be fully administered by yourselves.

Its works like this:

In the directories you want to protect you put a .htaccess file which states in what file passwords and users can be found, in what file groups can be found and what auth method shall be used

Example of .htaccess file:
AuthUserFile /home/mycompany/public_html/secret/.htpasswd
AuthGroupFile /home/mycompany/public_html/secret/.htgroup
AuthName Username
AuthType Basic

<Limit GET>
Require group mygroup
</Limit>

This .htaccess file will authenticate that a user types the right password and belongs to the right group to be able to www-wise enter /home/mycompany/public_html/secret. A dialogue box is automatically showed when a user tries to enter te URL and before he can get any of the content he have to type a correct user and password.

Example of .htpasswd file:
user1:kdjeölsd.opwJk
etc

where user is a userid and the field after : is an Unix encryoted password

Example of .htgroup file:

mygroup: user1
mygroup: user2
etc

Of course you can use multiple password files and group files for different directories/URL:s you want to protect. Its done by typing a path to the prefered passwd file and group file in the .htaccess file. As I said there must live a .htaccess file in all URL:s/directories to be protected.

If you want to centralize the administration of the passwords and groups you use just one passwd file and group file and one .htaccess file, but symlinks .htaccess in all URL:s/directories that you want to protect.

Encryption programs to encrypt passwords can easily be written in C or Perl. Maybe even your ISP has programs ready for this.
Otherwise I happily write one for you

//Patrik

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Here is how to use MFC's automatic Radio Button handling in your dialog boxes and forms.  Beginner programmers usually start with a OnClick handler for each radio button and that's just not the right way to go.  MFC has a very cool system for handli…
Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question