Basic Security and Limited Distribution


The standard HTTP server provides very limited security. If you require better security you need to choose one of the commercial servers.

You can lock certain pages from view by specifying IP numbers, user IDs or anything you can write into a script. However, each of these can usually be hacked.

In all of the above cases, the information is still transmitted in plain text, as are the request, the user name and the password.

Viewer Warnings

Although proxy caches are designed not to cache the above types of documents, viewers do. Netscape keeps all documents on hard disk and these are not wiped until the space is needed for something else.

You can specify documents to be cached until the end of a session. But Netscape does not delete the documents until it restarts. This again relies on the user.

Some Good News

Now all the bad stuff is out of the way, some good news. If you restart Netscape you will be required to enter your name and password for any or all pages accessed on a secure site (depending on the settings discussed above).

This means that you cannot SUBMIT information, run a script or access another page without this name/password.

For most users this is secure enough.

HTTPD - Cern

How to do this.


	UserId  sysadmin
	GroupId wheel

The user ID and group should be set and the files protected. This is to stop anyone accessing the documents via other methods (FTP, an account on the computer, etc.).

However, you must start httpd as root so that it can switch to the above user/group. Alternatively you can run httpd directly as that user and group, in which case the above entries are ignored.

Protection Groups

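These are the groups in which you set up hosts and users. Each one is a named protection setup, which the Protect rule refers to by name:

	Protection SYSADMIN-PROTECT {
	        UserId          sysadmin
	        GroupId         wheel
	        AuthType        Basic
	        PasswdFile      /usr/web/passwd
	        GroupFile       /usr/web/group
	        GET-Mask        scottp, nicka, davidb
	        POST-Mask       scottp, nicka, davidb
	}

This example allows users scottp, nicka and davidb to make GET and POST requests, with the server using user ID sysadmin and group wheel for the protected documents. The group and passwd files are kept in the standard web directory.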

Protecting Documents

Here you specify a directory and the group that allows access.
	Protect /network/sysadmin/*      SYSADMIN-PROTECT
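
The following is an added example, not part of the original page or of the CERN httpd distribution: a small audit script that reads a configuration in the style shown above and reports Protect rules that point at an undefined setup, setups using Basic authentication, and setups missing one of the two masks. It assumes setups are written as `Protection NAME { ... }` blocks; the sample configuration, the `/network/payroll/*` rule and the function names are constructed for illustration.

```python
import re

# Constructed sample; directive names and values mirror the page's example.
SAMPLE_CONF = """\
Protection SYSADMIN-PROTECT {
    UserId      sysadmin
    GroupId     wheel
    AuthType    Basic
    PasswdFile  /usr/web/passwd
    GroupFile   /usr/web/group
    GET-Mask    scottp, nicka, davidb
}
Protect /network/sysadmin/*   SYSADMIN-PROTECT
Protect /network/payroll/*    PAYROLL-PROTECT
"""

def parse(conf):
    """Return ({setup name: {directive: value}}, [(template, setup name)])."""
    setups, rules, current = {}, [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line:
            continue
        opener = re.match(r"Protection\s+(\S+)\s*\{$", line, re.I)
        if opener:                       # start of a named setup
            current = setups.setdefault(opener.group(1), {})
        elif line == "}":                # end of the setup
            current = None
        elif current is not None:        # directive inside a setup
            fields = line.split(None, 1)
            current[fields[0].lower()] = fields[1] if len(fields) > 1 else ""
        else:                            # top-level rule
            fields = line.split()
            if len(fields) == 3 and fields[0].lower() == "protect":
                rules.append((fields[1], fields[2]))
    return setups, rules

def audit(conf):
    """Return a list of findings for every Protect rule in the config."""
    setups, rules = parse(conf)
    findings = []
    for template, name in rules:
        if name not in setups:
            findings.append(f"{template}: setup {name} is not defined")
            continue
        setup = setups[name]
        if setup.get("authtype", "").lower() == "basic":
            findings.append(f"{template}: Basic auth sends the password encoded, not encrypted")
        # The page's example sets both masks; flag an omitted one for review.
        for mask in ("get-mask", "post-mask"):
            if mask not in setup:
                findings.append(f"{template}: {name} has no {mask} line")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns three findings: the Basic authentication note and the missing POST mask for `/network/sysadmin/*`, and the undefined setup for `/network/payroll/*`.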


There is even more on security at Yahoo!

Modified: 1/8/95
Created: 28/7/95