Difference between revisions of "Main Page/Stuff/password-protect"
Phil Hurvitz (talk | contribs) |
(9 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
This method is inherently insecure since the user and password are not encrypted, and the "tunnel" of data is not encrypted. It provides a basic level of security. | This method is inherently insecure since the user and password are not encrypted, and the "tunnel" of data is not encrypted. It provides a basic level of security. | ||
− | '''''!!! MAKE SURE THE FILES THEMSELVES ARE ENCRYPTED | + | '''''!!! MAKE SURE THE FILES THEMSELVES ARE ENCRYPTED if you need additional security !!!''''' |
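Review bot: On the changed warning line, the added qualifier "if you need additional security" makes encrypting the files read as optional, although the unchanged sentence directly above says that neither the user/password nor the data "tunnel" is encrypted. Suggest either keeping the warning unconditional or saying concretely when encryption can be skipped. The context sentence also describes the method as both "inherently insecure" and "a basic level of security"; rewording one of the two would remove the contradiction.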
Line 14: | Line 14: | ||
# You can connect to homer for file transfers | # You can connect to homer for file transfers | ||
# You can log in to homer as the lab user | # You can log in to homer as the lab user | ||
− | # You have the [[/htaccess|htaccess]] script in your executable path | + | # You have the [[/htaccess|htaccess]] script in your executable path (or you are able to write the `.htaccess' file manually) |
+ | |||
+ | |||
+ | =Explanation= | ||
+ | '''htaccess''' control allows simple password-protection of a web directory. It requires two readable files to be present, `.htaccess' (which controls access) and `.htpasswd' (which contains usernames and passwords). See [[/_htaccess|this example of a `.htaccess' file]] and [[_htpasswd|this example of a `.htpasswd' file]]. The presence of these files controls access to the folder they are in, as well as to sub-folders (unless other access restrictions exist at sub-folder levels). | ||
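Review bot: In the added Explanation paragraph the two example links are written differently: `[[/_htaccess|...]]` has a leading slash and `[[_htpasswd|...]]` does not, so the second is not a subpage link like the first and will point at a different page. Suggest `[[/_htpasswd|this example of a `.htpasswd' file]]`. "It requires two readable files" should also say who must be able to read them (the web server), since the steps create both files inside the served folder.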
Line 39: | Line 43: | ||
#:531 % '''htpasswd -bc .htpasswd foo bar''' | #:531 % '''htpasswd -bc .htpasswd foo bar''' | ||
#:Adding password for user foo | #:Adding password for user foo | ||
+ | #: <br></tt> | ||
+ | #:: '''''Note: if you are adding a password to an existing .htpasswd file, omit the `-c' flag, e.g.,''''' <tt> | ||
+ | #::ufl@ovid21 ~/public_html/parcel_point | ||
+ | #::531 % '''htpasswd -b .htpasswd foo bar'''</tt> | ||
#: <br> | #: <br> | ||
− | #: # create the htaccess (control file) | + | #: '''''Note: alternatively you can write the .htaccess file manually, see [[/_htaccess | this example]].''''' |
+ | #: <tt># create the htaccess (control file), assuming you have Phil's [[/htaccess|htaccess]] script in your executable path | ||
#:ufl@ovid21 ~/public_html/parcel_point | #:ufl@ovid21 ~/public_html/parcel_point | ||
#:532 % '''htaccess''' | #:532 % '''htaccess''' | ||
#: created .htaccess | #: created .htaccess | ||
#:<br></tt> | #:<br></tt> | ||
+ | #: | ||
# Copy the encrypted zip file to the folder you created (in this example, ''public_html/parcel_point/parcels.zip'', which translates to the URL ''http://depts.washington.edu/ufl/parcel_point/'') | # Copy the encrypted zip file to the folder you created (in this example, ''public_html/parcel_point/parcels.zip'', which translates to the URL ''http://depts.washington.edu/ufl/parcel_point/'') | ||
# Telephone the person you want to have access to your data. | # Telephone the person you want to have access to your data. | ||
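Review bot: The example in the added note, `htpasswd -b .htpasswd foo bar`, passes the password as a command-line argument just like the existing `-bc` line, which leaves it in the shell history and visible in the process list while the command runs. Suggest dropping `-b` in the new example so that htpasswd prompts for the password. The added example also reuses prompt number 531, which reads as if both commands are meant to be run in sequence; a sentence saying it replaces the `-bc` command would avoid that.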
Line 53: | Line 63: | ||
##: After they enter the correct authentication information they will have access to the web page. | ##: After they enter the correct authentication information they will have access to the web page. | ||
##: <br>[[Image:Htaccess2.gif]] | ##: <br>[[Image:Htaccess2.gif]] | ||
− | ##: | + | ##: <br> |
## Instruct them to let you know when they have downloaded and successfully unzipped the zip file. | ## Instruct them to let you know when they have downloaded and successfully unzipped the zip file. | ||
# After they have obtained the data, delete the zip file and/or folder. | # After they have obtained the data, delete the zip file and/or folder. |
Latest revision as of 15:49, 4 February 2010
This describes how to distribute protected data.
Important Note
This method is inherently insecure since the user name and password are not encrypted, and the "tunnel" of data is not encrypted. It provides only a basic level of security.
!!! MAKE SURE THE FILES THEMSELVES ARE ENCRYPTED if you need additional security !!!
Assumptions:
- You can create password-protected zip files
- You can connect to homer and use the Linux shell
- You can connect to homer for file transfers
- You can log in to homer as the lab user
- You have the htaccess script in your executable path (or you are able to write the `.htaccess' file manually)
Explanation
htaccess control allows simple password-protection of a web directory. It requires two readable files to be present, `.htaccess' (which controls access) and `.htpasswd' (which contains usernames and passwords). See this example of a `.htaccess' file and this example of a `.htpasswd' file. The presence of these files controls access to the folder they are in, as well as to sub-folders (unless other access restrictions exist at sub-folder levels).
Steps:
- Put your data in a password-protected zip file.
- Open an ssh session to homer with both the shell (ssh) and the file transfer application (sftp).
- Using the shell, create the folder and password-protect it. The following text shows an interactive session that does both.
  Note: this shows the shell prompt. Comments start with a # sign, and the actual commands follow the % prompt.

      # change directory into the web root
      ufl@ovid21 ~
      528 % cd public_html/

      # make a new folder
      ufl@ovid21 ~/public_html
      529 % mkdir parcel_point

      # move to the new folder
      ufl@ovid21 ~/public_html
      530 % cd parcel_point/

      # create the password file. the file name is `.htpasswd' with a user `foo' and the password `bar'
      ufl@ovid21 ~/public_html/parcel_point
      531 % htpasswd -bc .htpasswd foo bar
      Adding password for user foo

  Note: if you are adding a password to an existing .htpasswd file, omit the `-c' flag, e.g.,

      ufl@ovid21 ~/public_html/parcel_point
      531 % htpasswd -b .htpasswd foo bar

  Note: alternatively you can write the .htaccess file manually, see this example.

      # create the htaccess (control file), assuming you have Phil's htaccess script in your executable path
      ufl@ovid21 ~/public_html/parcel_point
      532 % htaccess
      created .htaccess
- Copy the encrypted zip file to the folder you created (in this example, public_html/parcel_point/parcels.zip, which translates to the URL http://depts.washington.edu/ufl/parcel_point/)
- Telephone the person you want to have access to your data.
  - Give them the URL, the username and password for access control, and the password for the zip file.
  - Instruct them to let you know when they have downloaded and successfully unzipped the zip file.
- After they have obtained the data, delete the zip file and/or folder.
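The two notes in the steps above (omit `-c' for an existing `.htpasswd', and writing `.htaccess' by hand) as an added shell example; it is not the htaccess script this page refers to. The function names are hypothetical, and it assumes an Apache server that honours authentication directives in `.htaccess' files (AllowOverride AuthConfig).

```shell
#!/bin/sh
# Added example; not the htaccess script linked from this page.
# Assumes Apache honours .htaccess auth directives here (AllowOverride AuthConfig).

# add_user DIR USER: create or update DIR/.htpasswd. htpasswd prompts for the
# password (no -b, so it never appears on the command line), and -c is passed
# only when the file does not exist yet, because -c overwrites an existing
# file and drops the users already in it.
add_user() {
    if [ -e "$1/.htpasswd" ]; then
        htpasswd "$1/.htpasswd" "$2"
    else
        htpasswd -c "$1/.htpasswd" "$2"
    fi
}

# write_htaccess DIR [REALM]: write DIR/.htaccess requiring a valid user from
# DIR/.htpasswd. The path is made absolute because Apache resolves a relative
# AuthUserFile against ServerRoot, not against this folder.
write_htaccess() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    abs=$(cd "$1" && pwd -P) || return 1
    cat > "$abs/.htaccess" <<EOF
AuthType Basic
AuthName "${2:-Protected data}"
AuthUserFile "$abs/.htpasswd"
Require valid-user
EOF
    chmod 644 "$abs/.htaccess"
}

# check_protection DIR: succeed only if .htaccess is readable, names a readable
# password file with at least one user entry, and requires a valid user.
check_protection() {
    [ -r "$1/.htaccess" ] || { echo "missing $1/.htaccess" >&2; return 1; }
    pw=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1/.htaccess" | head -n 1)
    [ -n "$pw" ] && [ -r "$pw" ] || { echo "password file not readable" >&2; return 1; }
    grep -q '^[^:][^:]*:.' "$pw" || { echo "no users in $pw" >&2; return 1; }
    grep -Eq '^[[:space:]]*Require[[:space:]]+valid-user' "$1/.htaccess" ||
        { echo "no 'Require valid-user' line" >&2; return 1; }
}
```

Run `check_protection` on the folder before copying the zip file into it, so the data is never in a folder whose access control is incomplete.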