PDA

View Full Version : Security question.



andy
06-23-2004, 07:54 PM
Hello,
Should I use webpassword to put a password on my domain like the help section suggests, or is it already protected? In the "help" section as soon as you get into webpassword it gives an example like this...

WebPassword Name = security
URL=http://yourdomain.com
etc

Should I do this?

FZ
06-23-2004, 09:29 PM
Well, your account is always protected with your "global"/account username/password, no matter what you do.

So, you do not need to protect it using WebPassword (you can't do that anyway) - the only purpose that program serves is to let you protect specific directories (ones that can be displayed in a web browser). For example, you could create a directory called "members" (accessible via www.yourdomain.com/members/) and choose to password protect that directory.

andy
06-23-2004, 10:39 PM
I just installed a program in my cgi-bin directory, and to access it I type in http://www.domain.com/cgi-bin/xxxx.pl. I did this and no passwords came up. It then says anyone could access it if they know the name. It is a standard name, and they say someone would need to know this name, but I should protect it anyways with a .htaccess file. The problem is that I have protected directories before (with webpassword) but when I try to protect the xxxxx.pl file webpasswords says it's not a directory. And I do not know how to make an htaccess file to protect a specific file. Hope that made sense!

jalal
06-24-2004, 01:09 AM
I have this in my /var/www/cgi-bin/.htaccess file:

AuthName "Webmaster login"
AuthType basic

<FilesMatch "^awstats\.pl$">
AuthUserFile /var/www/cgi-bin/.htpasswd
require valid-user
</FilesMatch>

Seems to work fine.

HTH

wildjokerdesign
06-24-2004, 06:46 AM
Hi Andy,

I thought I would elaborate on what Jalal posted. You can create the .htaccess file using something like notepad or any plain text editor that you may have on your computer. Something like word or works will not work. Using Jalal's example you would replace awstats\.pl with the name of your script. Make sure to but the \ before the period.

Then to create the .htpasswd file you can use Fayez's example and create a protected directory on your site via your Site Manager. Then FTP in to your account and grab a copy of the .htpasswd that was created for that directory. You may have to look in the .htpasswd file to see where it is. I can't remember if it puts it in the same directory or not. Now you can upload that .htpasswd to your cgi-bin or you could alter the Jalal example to point to the .htpasswd file that was created. Here is a full example:


AuthName "Webmaster login"
AuthType basic

<FilesMatch "^xxx\.pl$">
AuthUserFile /var/www/members/.htpasswd
require valid-user
</FilesMatch>


The AuthName could be anything you wanted it to be just make sure to soround it in " "