Authenticating Web Users via HTACCESS. Mu Beta Psi, National Honorary Musical Fraternity. Webmaster Resources Series

Similar documents
User authentication, passwords

Web Servers and Security

Architecture. Steven M. Bellovin October 27,

oit Using HTPASSWD to Password Protect Pages on Campus Web Server Web sites UMass Offi ce of Information Technologies

Architecture. Steven M. Bellovin October 31,

Using WS_FTP. Step 1 - Open WS_FTP LE and create a Session Profile.

Step by Step Guide Domain Security Pro

How the Privileged User Stole Christmas

Using.htaccess to Restrict OU Directory by Usernames and Passwords in an.htpasswd File

Welcome To Account Manager 2.0

ICE Clear Netherlands

Using.htaccess to Restrict Access to OU Directories

Activity: Creating a group page, assigning a user to the group page and linking the group page to a staff member in the school s staff directory.

TaskMaster Documentation INSTALLATION GUIDE

oit

If you want to provide customized error handling for a directory, you might try this:

Welcome Pack.

One-Time PIN. User Guide

DIGITAL SIGNATURE SERVICE OPERATIONAL

Joomla 3.X Global Settings Part III Server Settings

Manual - Online Software Deltares

Auto-Provisioning Mediatrix units May 31, 2011

Secure Single Sign On with FingerTec OFIS

Creating Domain Templates Using the Domain Template Builder 11g Release 1 (10.3.6)

INSTRUCTIONS FOR CREATING A GROUP OR CLASS AND ENTERING STUDENT NAMES INTO LEARN360

WDD Fall 2016Group 4 Project Report

Metalogix Essentials for Office Creating a Backup

.htaccess. What is it and what can it do?

BLUEPRINT REQUIREMENTS CENTER 2010 BLUEPRINT TEAM REPOSITORY VERSION 2. Administrator s Guide

Active Directory 2000 Plugin Installation for Cisco CallManager

Setting up the Apache Web Server

FTP Service Reference

Web Servers and Security

PAS. Installation Guide. BG0608 Rev. A1. Copyright SATEC Ltd.

Accessing your Inter-Library Loan document via the British Library s On Demand service

Options for managing Shared Folders

User Guide. BlackBerry Workspaces for Windows. Version 5.5

Build great products. Contour Enterprise Architect Connector Jama Software, Inc.

American Public Health Association s Affiliate Online Community User s Guide. October 2015 edition

Using the Self-Service Portal

Accessing Encrypted s Guide for Non-NHSmail users

CUSTOMER PORTAL. Introduction and Guide

Baylor Bear Foundation DonorNet Online Giving Instructions

PASSPORTAL PLUGIN DOCUMENTATION

About This Guide. Audience Database administrators should use this guide.

Manually Password Protect Directories Apache Ubuntu

Upgrading the Cisco APIC-EM Deployment

BlackBerry PlayBook Security: Part two BlackBerry Bridge

Change Schema Active Directory Password Mac Users Can't

Contents. Egress Switch Administration Panel User Guide. Switch Administration Panel- Quick Start Guide

Using the New UCOP UAT Validation Reports for Graduate Admissions

Apache and... Virtual Hosts ---- aliases mod_rewrite ---- htaccess. 31 st Oct - 4 th Nov Blantyre, Malawi. Dorcas Muthoni.

WAMP Bundle installation guide for CCSuite

Accounts. Adding accounts

Self Service Password Reset

From the User Profile section of your employer account, select User Profile and enter your new password.

Backup and Restore. About Backup and Restore

Creating an Adobe Connect Presentation: Using Your Personal Computer to Record and Publish

GETTING STARTED TABLE OF CONTENTS

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

MBM Corporation. Web-based Order Entry

Protection from Crawler using.htaccess Technique

ROCK-POND REPORTING 2.1

How to Add and Remove Permissions to Your Page

Download Keepass from select Professional Edition

Documentation. nfront Web Password Change. Version nfront Security. All Rights Reserved.

Genesys Interaction Recording Solution Guide. WebDAV Requirements

First Unitarian Online Photo Directory Frequently Asked Questions

SAS Data Explorer 2.1: User s Guide

How to install and configure the Hexago Gateway6 Client on Linux

Microsoft Windows SharePoint Services

There are several formatting conventions used in this document. Please take note of the formatting styles:

ACS 5.x: LDAP Server Configuration Example

We have created 9 steps to ensure a smooth transition from your current hosting provider to AT&T Website Solutions

Managing Source Code With Subversion

Build great products. Contour 3.1 Enterprise Architect Guide Jama Software, Inc.

SETUP FOR OUTLOOK (Updated October, 2018)

Web Design Competition Tutorial. Designed for use by the Michigan Council of Women in Technology Copyright 2018 Patricia Howard All Rights Reserved

Xton Access Manager GETTING STARTED GUIDE

IT Operation Support Services Self Service Password Reset (SSPR) Enrollment User Guide

Scope Use this guide to migrate your P6 EPPM schema to a P6 Professional schema or your P6 Professional schema to a P6 EPPM schema.

Learning Management System (LMS) General FAQs

Synology Diskstation User Guide Based On Dsm 4.2

Vault. Vault. End User Guide END USER GUIDE. L o r e. (For Standard, Professional & Enterprise Editions)

Virtual CD TS 1 Introduction... 3

Home Access Setup Instructions

NetBackup 7.6 Replication Director A Hands On Experience

Upgrading the Cisco APIC-EM Deployment

MyTax.DC.gov User Guide: How to Sign up

Some Linux (Unix) Commands that might help you in ENSC351

DocShuttle Administrator

One-Time PIN. User Guide

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Script.byu.edu SharePoint Instructions

Reference Guide. Adding a Generic File Store - Importing From a Local or Network ShipWorks Page 1 of 21

D6.1. Project website and internal IT communication infrastructure HINT. 36 months FP7/

Table of Contents Brainshark. All rights reserved.

PreTect Analysis Documentation

Best Practices (PDshop Security Tips)

SharpSchool Chapter 7 USER MANUAL EXTERNAL LINK PAGE For more information, please visit:

Transcription:

Authenticating Web Users via HTACCESS Mu Beta Psi, National Honorary Musical Fraternity Webmaster Resources Series FIRST RELEASE OCTOBER 11, 2005

TABLE OF CONTENTS Introduction to User Authentication...1 Introduction to HTACCESS...1 The HTACCESS File...2 The HTPASSWD File...2 For More Information...3 Page 1

Introduction to User Authentication User Authentication is the process of verifying a person s identity in order to grant special privileges, such as viewing protected documents, sending email, etc. User authentication can be done on an individual basis ( I am Joe Jones ), or on a group level ( I am a member of Team 5 ). Within Mu Beta Psi, the Information Technology Policy provides for the need to perform user authentication before granting access to certain information, termed Restricted Content. Restricted Content may include Brothers personal information, pledge policies, and discussion of Fraternity business, among others. IMPORTANT NOTE Be sure to differentiate between Restricted Content, which must be password-protected, and Prohibited Content, which may not be posted online! Beyond the requirements of policy, it is often desirable to create Brothers Only areas of a Chapter website for the purposes of coordinating internal social or pledging events, collaborating on works-in-progress, or storing Chapter records. User authentication is the key to creating such areas. Introduction to HTACCESS The most basic form of user authentication for the web is called HTACCESS. With HTACCESS, a file (named, appropriately enough,.htaccess) is placed in the folder to be protected. This file typically contains information about who is permitted to view the files contained in the directory and its subdirectories, the method of authentication, and the location of the user information. A separate file, called htpasswd contains the actual usernames and passwords. HTACCESS is great for simple authentication. It s not ideal for situations where you have a large number of users, or where passwords change frequently, due to the need to manually update encrypted passwords in the HTPASSWD file. Beyond user authentication, there are some other advanced features of HTACCESS, such as handling redirects and setting up environment variables. Although this goes beyond the scope of this document, you can find references to more information about HTACCESS in the last section of this guide. Page 1

The HTACCESS File A simple htaccess file is below: AuthName "Brothers Only" AuthType Basic AuthUserFile /full/path/to/.htpasswd Require valid_user The first line defines the name of the protected area. This text will appear on the prompt box where users will enter their username/password. The second line defines the method of authentication ( Basic authentication is fine in most cases). The third line identifies the location of the HTPASSWD file, which contains valid username/password combinations. We will discuss the contents of this file in more detail later, but for now you should be aware of the following: For security reasons, this file should not be stored in any directory that is accessible from the internet. In other words, if the files that make up your homepage are located in the /home/usr/mbpsi/www/ directory, your HTPASSWD file should not be. Store it in /home/usr/mbpsi/secure instead. The file path for this file should be listed as an absolute path, not relative to your home directory. If you have any questions about this, please contact the Mu Beta Psi webmaster, who can assist you. The last line in the example above is the list of valid usernames (as stored in the htpasswd file) that are permitted to access this directory. In this way, you can have multiple htaccess files that share one htpasswd file. In the example shown, the user valid_user is permitted to view the files. TIP The filename.htaccess may look strange, but it s really pretty simple. It consists of an empty filename, and the extension htaccess. Save the file in the directory you want to protect with the name.htaccess. If you wish to protect subdirectories using a different authentication scheme, put a separate htaccess file in each subdirectory. The HTPASSWD File The HTPASSWD file, as mentioned earlier, contains the list of established usernames and passwords. The structure of this file is very simple. An example is shown below: Page 2

valid_user:ydptsbmjfpgru joe_jones:hqrimzcnzzgm This example shows two users, valid_user and joe_jones. From our previous example, we see that only valid_user is permitted to view our particular directory. In this way, you can set up an htpasswd file to protect multiple directories based on the username. The username is separated from the password by a colon. The password itself is encrypted, to prevent anyone viewing the text file from seeing the password. There are several web scripts available to help you generate your passwords. A few of these are listed in the next section. Again, store the htpasswd file in a directory separate from your web folder, if at all possible. Even though the passwords in the file are encrypted (and can t be decrypted), storing the file separately will prevent anyone from learning what valid usernames are enabled for your site, which makes hacking monumentally more difficult. For More Information For more information about htaccess, try one of the following websites. If you have questions or get stuck, contact the Mu Beta Psi webmaster for assistance, at webmaster@mubetapsi.org. Happy coding! HTACCESS information at Free Webmaster Help (Basic): www.freewebmasterhelp.com/tutorials/htaccess Password Encryption Script at KXS: www.kxs.net/support/htaccess_pw.html More advanced HTACCESS tutorial: www.javascriptkit.com/howto/htacess.shtml Page 3

ΜΒΨ Mu Beta Psi National Honorary Musical Fraternity http://www.mubetapsi.org webmaster@mubetapsi.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback