Solved

security

Posted on 1997-11-27
1
332 Views
Last Modified: 2013-12-26
How would I go about setting up a password protected area on our website?  It is hosted by an ISP and the machines are UNIX based.  Do I go to the ISP or is it something I can do on my end?
Thank you!  
0
Comment
Question by:kzc
1 Comment
 
LVL 2

Accepted Solution

by:
df020797 earned 100 total points
ID: 1295694
There is a builtin auth method in most webservers called HTAccess. This can be fully administered by yourselves.

Its works like this:

In the directories you want to protect you put a .htaccess file which states in what file passwords and users can be found, in what file groups can be found and what auth method shall be used

Example of .htaccess file:
AuthUserFile /home/mycompany/public_html/secret/.htpasswd
AuthGroupFile /home/mycompany/public_html/secret/.htgroup
AuthName Username
AuthType Basic

<Limit GET>
Require group mygroup
</Limit>

This .htaccess file will authenticate that a user types the right password and belongs to the right group to be able to www-wise enter /home/mycompany/public_html/secret. A dialogue box is automatically showed when a user tries to enter te URL and before he can get any of the content he have to type a correct user and password.

Example of .htpasswd file:
user1:kdjeölsd.opwJk
etc

where user is a userid and the field after : is an Unix encryoted password

Example of .htgroup file:

mygroup: user1
mygroup: user2
etc

Of course you can use multiple password files and group files for different directories/URL:s you want to protect. Its done by typing a path to the prefered passwd file and group file in the .htaccess file. As I said there must live a .htaccess file in all URL:s/directories to be protected.

If you want to centralize the administration of the passwords and groups you use just one passwd file and group file and one .htaccess file, but symlinks .htaccess in all URL:s/directories that you want to protect.

Encryption programs to encrypt passwords can easily be written in C or Perl. Maybe even your ISP has programs ready for this.
Otherwise I happily write one for you

//Patrik

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADO Memory leak with DELPHI 2007 37 171
Tab names are off by one 5 53
unable to delete all specified values regedit 38 278
Shell script to login to remote m/c and execute commands 10 78
Introduction: Hints for the grid button.  Nested classes, templated collections.  Squash that darned bug! Continuing from the sixth article about sudoku.   Open the project in visual studio. First we will finish with the SUD_SETVALUE messa…
Introduction: Dialogs (2) modeless dialog and a worker thread.  Handling data shared between threads.  Recursive functions. Continuing from the tenth article about sudoku.   Last article we worked with a modal dialog to help maintain informat…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now