Password Protected Web Pages
Passord Protecting a directory causes a password pop-up box to appear when
a person tries to access a document in the directory. Setting up password
protected directories is easy. You have your choice of several ways to do
it:
Using Control Panel:
In Cpanel, The "Secure Web Pages" option will allow you to add remove security and users
for a directory.
Using WebShell:
Go to Cpanel and access
Webshell for your account.
Select Protect Mode (lower right)
Click the directory you want to protect
This will start the ".htaccess Editor"
From here you can manage access to the directory. The 'Help' button
will present easy instructions if you need them.
If you are familiar with Linux, you can also set up password protection using Telnet.
Secure Directories
To make a directory that can only be accessed by one user, go to the directory that
contains the directory you want to secure and type
chown userid directoryname
To make the user only able to read and write in it, type:
chmod 700 directoryname
To allow others to read these files in this directoroy: After typing the first command, type:
chmod a+rx directoryname
To list the access permissions of a file or directory, type
ls -ls *.
r=read access, x=execute access, w=write access. The first
three letters apply to you, the second three letters apply to your group, the last three
letters apply to everyone else. Execute
access enables you to run programs or enter directories.
PEOPLE
u = the file's user (or owner)
g = the file's group
o = others
a = the user, the group, and others.
PERMISSIONS
r = read access
x = execute access
w = write access
To let everyone write to the file: chmod a+w
To not let people in the file's group or
others read the file: chmod go-r
To let people in the file's group execute
the file: chmod g+x
Secure CGI:
To not allow people on the web to read you cgi programs, end them with a .cgi
extension - This will cause the program to execute rather than display your code.
A variety of other security precautions should be taken when creating scripts.
Include code to confirm that the data being sent is from your web page:
Include code to check to see that the data being sent from your forms looks like the data
you asked for.
If using Perl, run your scripts with the Tainting feature on.
Include code to verify that the user input is not an exremely large amount of text.
SSL Encryption
Secure Server is available to all Business Accounts. SSL encryption is used to
send sensitive data over the Net.
Using SSL with an anonymous URL:
With this option, you URL's through one of Redwood Internet's secure certificates. Each certificate is
anonymously named (i.e. secure-host.com). If you do not have the information on which URL to use, email
us and we will provide you with all the information you will need to use secure server.
Using SSL with your own domain name
To use secure server with your own domain name as the URL,
you will need a digital certificate. First,
contact us letting us know you want to use this option. Next,
get a digital certificate through a third party such
as Verisign, which costs $349. The process is simple and takes a day
or two to complete.
|
