?
Solved

security

Posted on 1997-11-27
1
Medium Priority
?
377 Views
Last Modified: 2013-12-26
How would I go about setting up a password protected area on our website?  It is hosted by an ISP and the machines are UNIX based.  Do I go to the ISP or is it something I can do on my end?
Thank you!  
0
Comment
Question by:kzc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 2

Accepted Solution

by:
df020797 earned 400 total points
ID: 1295694
There is a builtin auth method in most webservers called HTAccess. This can be fully administered by yourselves.

Its works like this:

In the directories you want to protect you put a .htaccess file which states in what file passwords and users can be found, in what file groups can be found and what auth method shall be used

Example of .htaccess file:
AuthUserFile /home/mycompany/public_html/secret/.htpasswd
AuthGroupFile /home/mycompany/public_html/secret/.htgroup
AuthName Username
AuthType Basic

<Limit GET>
Require group mygroup
</Limit>

This .htaccess file will authenticate that a user types the right password and belongs to the right group to be able to www-wise enter /home/mycompany/public_html/secret. A dialogue box is automatically showed when a user tries to enter te URL and before he can get any of the content he have to type a correct user and password.

Example of .htpasswd file:
user1:kdjeölsd.opwJk
etc

where user is a userid and the field after : is an Unix encryoted password

Example of .htgroup file:

mygroup: user1
mygroup: user2
etc

Of course you can use multiple password files and group files for different directories/URL:s you want to protect. Its done by typing a path to the prefered passwd file and group file in the .htaccess file. As I said there must live a .htaccess file in all URL:s/directories to be protected.

If you want to centralize the administration of the passwords and groups you use just one passwd file and group file and one .htaccess file, but symlinks .htaccess in all URL:s/directories that you want to protect.

Encryption programs to encrypt passwords can easily be written in C or Perl. Maybe even your ISP has programs ready for this.
Otherwise I happily write one for you

//Patrik

0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question