Wednesday, May 8, 2019

Web security authentication and authorization Research Paper

Authentication Mechanism

If a particular resource needs to be protected using the basic authentication mechanism, the Apache server sends a header including a 401 authentication status in response to the request. The user enters credentials, consisting of a username and password, for the resource to be returned as requested. Moreover, as soon as the 401 response headers are received by the web browser, it asks the user to specify a username and password in order to authenticate the user. Similarly, the server will check the credentials against the safe list; if they are present, the resource is made available to the user.

Securing the Content

For any individual resource on a web server, the methodology for securing content consists of the steps needed to configure basic authentication. The first step is to create a password file. The second step is to set the configuration in order to obtain the file containing passwords, i.e. the password file. Moreover, the purpose of the first step is to determine valid user credentials, consisting of a username and password. Likewise, the credentials provided by the user are matched against the list of valid usernames and passwords. The password file is created on the server to validate legitimate users. However, the password file is sensitive and confidential information and must be stored outside of the document directory in order to eliminate any potential threats from hackers or viruses. For creating a password file, a utility named htpasswd is executed. htpasswd is used to create and modify the flat files used to store usernames and passwords for basic authentication of HTTP users.
If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes (Htpasswd - manage user files for basic authentication - Apache HTTP Server). This utility is located in the bin directory of the Apache installation. For instance, it is available at /usr/local/apache/bin/htpasswd. For the creation of the file, certain commands are executed. For example, to create a password file, this command is executed:

htpasswd -c /usr/local/apache/passwd/passwords username

After executing the command, htpasswd will prompt the user for the password. After the password is provided, the file is created. In order to add a new user to the password list, the following command is executed:

htpasswd /usr/local/apache/passwd/passwords testuser

This command will add this user's credentials to the password file. In addition, the user name, testuser, has already been created earlier on the web server. After the creation of the password file, Apache is configured with the required directives. The directives are located in an .htaccess file, in a particular directory associated with the server configuration.

Web Content Protection

In order to maintain a sophisticated web server, web content protection is essential to ensure the safety of the content available on the web server. Apache digest authentication is made for this purpose. It is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller (What is digest authentication? - definition from whatis.com). Digest authentication is implemented by the module named mod_auth_digest. This utility never transmits passwords across the network. Instead, they are transmitted as MD5-digested passwords, eliminating attacks such as sniffing the network traffic for passwords.
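The digest exchange described above, as an added example that is not part of the original post: it computes the RFC 2617 (qop=auth) response on the client side and verifies it on the server side from the stored MD5(user:realm:password) value alone. The function names are hypothetical, and the user, realm, password and nonce values are the sample values from RFC 2617 section 3.5, not values from this page.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # What a digest password file stores per user: MD5(user:realm:password).
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, fields):
    # RFC 2617 request-digest for qop=auth; only hashes are combined here.
    ha2 = md5_hex(f"{method}:{fields['uri']}")
    return md5_hex(f"{ha1_hex}:{fields['nonce']}:{fields['nc']}:"
                   f"{fields['cnonce']}:{fields['qop']}:{ha2}")

def client_authorization(username, realm, password, method, uri, nonce, cnonce):
    # Fields the browser sends back after the 401 challenge (no password field).
    fields = {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
              "nc": "00000001", "cnonce": cnonce, "qop": "auth"}
    fields["response"] = digest_response(ha1(username, realm, password), method, fields)
    return fields

def server_verify(stored_ha1, method, fields):
    # The server recomputes the digest from its stored HA1 and compares in
    # constant time; it never needs the cleartext password.
    expected = digest_response(stored_ha1, method, fields)
    return hmac.compare_digest(expected, fields["response"])

# Sample values from RFC 2617 section 3.5 (assumptions, not from this page).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE, URI = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "/dir/index.html"

def demo():
    stored = ha1(USER, REALM, PASSWORD)  # server side, from the password file
    good = client_authorization(USER, REALM, PASSWORD, "GET", URI, NONCE, CNONCE)
    bad = client_authorization(USER, REALM, "wrong guess", "GET", URI, NONCE, CNONCE)
    return {
        "response": good["response"],
        "password_on_wire": PASSWORD in good.values(),
        "good_accepted": server_verify(stored, "GET", good),
        "bad_rejected": not server_verify(stored, "GET", bad),
        # The digest binds method and URI, so it fails for a different request.
        "other_method_rejected": not server_verify(stored, "POST", good),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```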
There are some steps involved in setting this up on the Apache web server. Likewise, the configuration for digest authentication is quite similar to that of basic authentication. The first step involves the creation of a password file. The command executed for the creation
