Main Page/Stuff/password-protect

From phurvitz
< Main Page‎ | Stuff
Revision as of 21:03, 1 February 2010 by Phil Hurvitz (talk | contribs)
Jump to: navigation, search

This describes how to distribute protected data.


Important Note

This method is inherently insecure since the user and password are not encrypted, and the "tunnel" of data is not encrypted. It provides a basic level of security.

!!! MAKE SURE THE FILES THEMSELVES ARE ENCRYPTED !!!!


Assumptions:

  1. You can create password protected zip files
  2. You can connect to homer and use the linux shell
  3. You can connect to homer for file transfers
  4. You can log in to homer as the lab user
  5. You have the htaccess script in your executable path


Steps:

  1. Put your data in a password-protected zip file.
  2. Open an ssh session to homer with both the shell (ssh) and the file transfer application (sftp).
  3. Using the shell, the following text shows an interactive session to create the folder and to password-protect the folder.
    Note this shows the shell prompt. Comments start with a # sign, and actual commands are bold

    # change directory into the web root
    ufl@ovid21 ~
    528 % cd public_html/

    # make a new folder
    ufl@ovid21 ~/public_html
    529 % mkdir parcel_point

    # move to the new folder
    ufl@ovid21 ~/public_html
    530 % cd parcel_point/

    # create the password file. the file name is `.htpasswd' with a user `foo' and the password `bar'
    ufl@ovid21 ~/public_html/parcel_point
    531 % htpasswd -bc .htpasswd foo bar
    Adding password for user foo

    # create the htaccess (control file)
    ufl@ovid21 ~/public_html/parcel_point
    532 % htaccess
    created .htaccess

  4. Copy the encrypted zip file to the folder you created (in this example, public_html/parcel_point/parcels.zip, which translates to the URL http://depts.washington.edu/ufl/parcel_point/)
  5. Telephone the person you want to have access to your data.
    1. Give them the URL, the username and password for access control, and the password for the zip file.
      They will see this type of interface, in which to type the user name and password:

      Htaccess.gif

      After they enter the correct authentication information they will have access to the web page.

      Htaccess2.gif
    2. Instruct them to let you know when they have downloaded and successfully unzipped the zip file.
  6. After they have obtained the data, delete the zip file and/or folder.