secure
online
application

Section VI - Security

1.a) Secure Web Pages

1.b) Secure Passwords

1.c) Secure FTP directories

1.d) Secure CGI-BIN directories

2) Secure (SSL) (https)

1.a) Secure Web Pages

How do I secure all web pages in a directory?

The easiest way is to use our web based Secure Web Directory Manager. Or, you can set it up manually:
If your home directory is yourlogin, create a file named .htaccess in your web directory that contains the following:

    AuthUserFile /home/yourlogin/.htpasswd
    AuthGroupFile /dev/null
    AuthName ByPassword
    AuthType Basic
    <Limit GET POST>
    require user pumpkin
    </Limit>

Then in your home directory, type htpasswd -c .htpasswd pumpkin.

This will enable you to secure the directory so that only user pumpkin can enter this directory.

You may well want any of the user/password combinations you created in your .htpasswd file to allow access. Just say require valid-user instead of require user xxx in .htaccess and any of the users you created will be able to access the files.

Note that you want to store the .htpasswd file in your home directory so it is hidden from others. The one drawback to putting your .htpasswd file in your home directory is that you will have to slightly lower the security of your home directory. Go to /home and type chmod +x yourlogin. The web needs execute permission on to read the .htpasswd file.

1.b) Secure Passwords

How do I create a secure password?

Make it at least 6 characters long. Include at least one number, capital letter, or punctuation mark in the name.

1.c) Secure FTP directories

How do I create secure ftp directories?

To make a directory named direct that can only be accessed by userid fred, go to the directory above direct and type chown fred direct. If you wish for only fred to read and write in it, type chmod 700 direct. If you wish to allow others to read these files you can type chmod a+rx direct after typing the first command.

To list the access permissions of a file or directory, type ls -ls *. r=read access, x=execute access, w=write access. The first three letters apply to you, the second three letters apply to your group, the last three letters apply to everyone else. Execute access enables you to run programs or enter directories.

Examples of using chmod:

    PEOPLE                                    PERMISSIONS
    u = the file's user (or owner)            r = read access
    g = the file's group                      x = execute access
    o = others                                w = write access
    a = the user, the group, and others.

    chmod a+w =  let everyone write to the file
    chmod go-r = don't let people in the file's group or others to read
                 the file
    chmod g+x =  let people in the file's group execute the file

1.d) Secure CGI-BIN Directories

How do I secure all pages in a cgi-bin directory?

To stop people from being able to read your scripts under all circumstances, end your CGI scripts with the name .cgi.

2) Secure (SSL) (https)

Secure (Apache Stronghold) is available to all advanced accounts.
If you want to use secure with your own domain name as the URL, there are a few things that need to be done. First off, contact us letting us know you want to do this. Second, you will have to obtain a digital certificate from a third party such as Verisign, which costs $290 for the first year and $90 each year after. Again, please contact us before trying to obtain a digitial ID for your domain.