Authentication: Secure Single Files: Difference between revisions
(New page: {{Uc nav Authentication}} '''Authentication - Single Files''' There are occasions when you would like to password protect one or two files. Using basic authentication makes this relativel...) |
m (→Summary) |
||
Line 248: | Line 248: | ||
{| | {| | ||
| [[Image:uc_small_logo.gif]] || [[User: | | [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]] | ||
|} | |} | ||
[[Category: Uniform Server 4.0-Mona]] | [[Category: Uniform Server 4.0-Mona]] | ||
[[Category: UniCenter]] | [[Category: UniCenter]] |
Latest revision as of 15:59, 23 April 2009
Authentication: Introduction | Preparation | Directories | Secure Directories | Groups | Single Files | Secure Single Files |
Basic Authentication |
Authentication - Single Files
There are occasions when you would like to password protect one or two files. Using basic authentication makes this relatively easy.
This page provides a few examples.
Preparation
Add name/password pairs to your password file, I currently have the following:
Edit file: UniServer\udrive\htpasswd\www\.htpasswd add new users as required
root:root John:john123 Dave Smith:dave123 Mike:mike123 Jane:jane123 Dawn:dawn123 Ruth Smith:ruth123
Note 1: Delete the first entry root:root (everyone knows this) I use it for testing
Basic format
To protect a file you require the following blocks in file UniServer\udrive\www\.htaccess
AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile /htpasswd/www/.htpasswd AuthGroupFile /htpasswd/www/.htgroup |
Set-up Basic Authentication |
<Files {file name}> Require {valid-user or user and or group} </Files> |
Files block for each file you wish to protect |
Example 1
Create the following test pages:
Preparation
- Create a new text file named demo1.html in folder UniServer\udrive\www with the following content
<html><head><title>Demo 1</title></head> <body> <h1>Demo 1</h1> </body></html>
- Create a new sub-folder in UniServer\udrive\www named demo2
- Copy file UniServer\udrive\www\images\logo.jpg to folder UniServer\udrive\www\demo2
- Create a new text file named demo2.html in folder UniServer\udrive\www\demo2 with the following content
<html><head><title>Demo 2</title></head> <body> <h1>Demo 2</h1> </body></html>
The above provides two html files and one image to protect.
Define Files block
Page demo1.html
<Files demo1.html> Require user root </Files> |
Name of file to protect |
Page demo2.html
<Files demo2.html> Require user "Dave Smith" </Files> |
Name of file to protect |
Image logo.jpg
<Files logo.jpg> Require user John Dawn </Files> |
Name of file to protect |
Edit .htaccess
Add the following blocks to file UniServer\udrive\www\.htaccess
The complete authentication block should look like this (delete any extra linesin the block)
#-- # Activate this to use the Private Server Feature! #-- # To lock server, uncomment the next 4 lines. # Defaults: Username - root; Password - root AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile /htpasswd/www/.htpasswd <Files demo1.html> Require user root </Files> <Files demo2.html> Require user "Dave Smith" </Files> <Files logo.jpg> Require user John Dawn </Files>
Tests
Test 1
- Run servers
- Restart browser
- Type http://localhost/index.php into browser - You will be challenge for a name and password. - click cancel
- Type http://localhost:81/demo2/logo.jpg again you will be challenge for a name and password.
- Enter either John john123 or Dawn dawn123 to view the image
Undesirable side-effect
Generally speaking the location of a fie makes it unique edit the file in one location and the other version in a different location is not changed.
However the .htaccess file does not make this distinction, being placed in the web-root it is protecting the current folder and all sub-folders. Any file that matches the name set in the Files directive is protected by the Require line.
This can cause some undesirable side-effects for example if you are hosting many sites with different logos with the name logo.jpg all logo.jpg are protected. Hence a user will be prompted for a name and password before the logo can be displayed.
Solution
Solution is simple create a sub-folder and copy all unique files to be protected into it. Create a new .htaacess and place all associated directives in this file. Remove the directives from the web-root .htaccess file.
Using our example files
- Copy .htaccess from www into folder demo2
- Move file demo1.html to folder demo2
- Remove this section from file www\.htaccess
#-- # Activate this to use the Private Server Feature! #-- # To lock server, uncomment the next 4 lines. # Defaults: Username - root; Password - root AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile /htpasswd/www/.htpasswd <Files demo1.html> Require user root </Files> <Files demo2.html> Require user "Dave Smith" </Files> <Files logo.jpg> Require user John Dawn </Files>
- Delete everything in file www\demo2\.htaccess with the exception of this block:
AuthName "Uniform Server - Server Access" AuthType Basic AuthUserFile /htpasswd/www/.htpasswd <Files demo1.html> Require user root </Files> <Files demo2.html> Require user "Dave Smith" </Files> <Files logo.jpg> Require user John Dawn </Files>
Having isolated the files effectively makes them unique and can be targeted specifically
Test 2
Run the following tests:
- Run servers
- Restart browser
- Type http://localhost/index.php into browser - You will not be challenge for a name and password.
- Type http://localhost/demo2/logo.jpg You will be challenge for a name and password.
- Enter either John john123 or Dawn dawn123 to view the image
- Type http://localhost/demo1.html When challenged enter root root
- Type http://localhost/demo2/demo2.html When challenged enter Dave Smith dave123
We are not protecting the folder but individual files.
Note: If you with to repeat the tests remember to restart your browser.
Summary
Protecting individual files is easy each new file requiring only a small section of code.
If running an Intranet you probably don’t need to use encryption however if the content is sensitive data it needs to be secured.
On the next page I cover single file encryption.
Ric |