Solved

security

Posted on 1997-11-27
1
343 Views
Last Modified: 2013-12-26
How would I go about setting up a password protected area on our website?  It is hosted by an ISP and the machines are UNIX based.  Do I go to the ISP or is it something I can do on my end?
Thank you!  
0
Comment
Question by:kzc
1 Comment
 
LVL 2

Accepted Solution

by:
df020797 earned 100 total points
ID: 1295694
There is a builtin auth method in most webservers called HTAccess. This can be fully administered by yourselves.

Its works like this:

In the directories you want to protect you put a .htaccess file which states in what file passwords and users can be found, in what file groups can be found and what auth method shall be used

Example of .htaccess file:
AuthUserFile /home/mycompany/public_html/secret/.htpasswd
AuthGroupFile /home/mycompany/public_html/secret/.htgroup
AuthName Username
AuthType Basic

<Limit GET>
Require group mygroup
</Limit>

This .htaccess file will authenticate that a user types the right password and belongs to the right group to be able to www-wise enter /home/mycompany/public_html/secret. A dialogue box is automatically showed when a user tries to enter te URL and before he can get any of the content he have to type a correct user and password.

Example of .htpasswd file:
user1:kdjeölsd.opwJk
etc

where user is a userid and the field after : is an Unix encryoted password

Example of .htgroup file:

mygroup: user1
mygroup: user2
etc

Of course you can use multiple password files and group files for different directories/URL:s you want to protect. Its done by typing a path to the prefered passwd file and group file in the .htaccess file. As I said there must live a .htaccess file in all URL:s/directories to be protected.

If you want to centralize the administration of the passwords and groups you use just one passwd file and group file and one .htaccess file, but symlinks .htaccess in all URL:s/directories that you want to protect.

Encryption programs to encrypt passwords can easily be written in C or Perl. Maybe even your ISP has programs ready for this.
Otherwise I happily write one for you

//Patrik

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Expand data scrubbing tool 13 32
Fibonacci challenge 11 122
How to convert MFC::CString to UTF8 wchar_t* 10 211
mapAB Challlenge 35 145
Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question