CHAPTER THREE - Security
Security: How do I implement it?
3.1) Secure Web Pages
How do I secure all web pages in a directory?
Please use the browser control panel interface for password protecting your web pages. Under Site Management category select Web Protect. This interface will help you create and install all of the necessary files to protect a directory.
If you have telnet enabled, log in and, in the web directory you wish to protect, create a file named .htaccess that contains the following:
AuthUserFile /home/yourlogin/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET POST>
require user pumpkin
</Limit>
Then in your home directory, type htpasswd -c .htpasswd pumpkin.
This will enable you to secure the directory so that only user pumpkin can enter this directory.
You may well want any of the user/password combinations you created in your .htpasswd file to allow access. Just say require valid-user instead of require user pumpkin in .htaccess and any of the users you created will be able to access the files.
Note that you want to store the .htpasswd file in your home directory so it is hidden from others. The one drawback to putting your .htpasswd file in your home directory is that you will have to slightly lower the security of your home directory. Go to /home and type chmod +x yourlogin. The web server needs execute permission on your home directory to read the .htpasswd file.
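The following Python check is an added example, not part of the original FAQ or the hosting provider's tools. It audits an .htaccess like the one above for a password file stored inside the web directory, for require user names missing from .htpasswd, and for require lines placed inside <Limit>, which Apache applies only to the methods that block covers. The web root /home/yourlogin/www and the password hash are constructed placeholders.

```python
import posixpath
import re

def audit_htaccess(htaccess_text, htpasswd_text, web_root):
    """Check an .htaccess like the one above; return a list of findings."""
    findings, auth_file, limit = [], None, None
    known = {l.split(":", 1)[0] for l in htpasswd_text.splitlines() if ":" in l}
    for line in map(str.strip, htaccess_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>$", line, re.I)
        key, *args = line.split()
        if opened:                      # remember which methods the block names
            limit = opened.group(1).upper().split()
        elif line.lower() == "</limit>":
            limit = None
        elif key.lower() == "authuserfile" and args:
            auth_file = posixpath.normpath(args[0])
        elif key.lower() == "require":
            if limit is not None:
                findings.append("require is inside <Limit %s>; methods it does "
                                "not cover are unrestricted" % " ".join(limit))
            if args and args[0].lower() == "user":
                for user in args[1:]:
                    if user not in known:
                        findings.append("user %s is not in the password file" % user)
    root = posixpath.normpath(web_root)
    if auth_file is None:
        findings.append("no AuthUserFile directive")
    elif auth_file == root or auth_file.startswith(root + "/"):
        findings.append("password file is inside the web directory")
    return findings

# Constructed sample input: the file from the text, a hypothetical web root,
# and a placeholder where the password hash would be.
SAMPLE_HTACCESS = """\
AuthUserFile /home/yourlogin/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET POST>
require user pumpkin
</Limit>
"""
SAMPLE_HTPASSWD = "pumpkin:PLACEHOLDER_HASH\n"
SAMPLE_WEB_ROOT = "/home/yourlogin/www"

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, SAMPLE_WEB_ROOT):
        print(finding)
```

Moving the require line out of the <Limit> block makes it apply to every request method.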
3.2) SECURE PASSWORDS
How do I create a secure password?
Make it at least 6 characters long. Include at least one number, capital letter, or punctuation mark in it. Passwords can be a maximum of 10 digits.
3.3) SECURE FTP DIRECTORIES
How do I create secure ftp directories?
You must set the permissions on the ftp directory using the File Manager (in the File Category). Select the folder you wish to protect/unprotect, and use the Change Permissions option. The permissions are r=read access, x=execute access, w=write access. Usually, these access permissions are changed for the World category, to enable/disable access to the users of the site.
3.4) SECURE CGI-BIN DIRECTORIES
How do I secure all pages in a cgi-bin directory?
To stop people from being able to read your scripts under all circumstances, give your CGI scripts names that end in .cgi.
3.5) SECURE SOCKET LAYER (SSL)
How do I use SSL security on a webpage or form?
The webpage form that you want to be secure must be called via the secure server. The images in the webpage must also be called via the secure server. This is done by calling the files in the following format: