EditWrx Knowledge Base Home
 Search       Login   Register   Members   Help   Home 
Search by username

EditWrx Knowledge Base > Content Management Concepts > Community Builder Concepts > Question about directory authentication and editwrx authentication

Question about directory authentication and editwrx authentication
 Moderated by: Keith  
 New Topic   Reply   Print 
AuthorPost
pjc_nw
Member
 

Joined: Thu May 22nd, 2008
Location:  
Posts: 6
  Posted: Thu May 22nd, 2008 05:50 am
 Quote  Reply 
I'm looking at editwrx ...so far looks very good!

Question:
Editwrx includes a way of protecting directories using apache's .htaccess files. There is also a login required for editors/publishers/etc to use editwrx application itself. Can it be setup so that:

The entire website is closed (and not visible) except to people who log-in and that once they log in to the site (through this htaccess system) they are also logged-in appropriately to editwrx so that they can edit pages on the site (assuming they are setup to do that)?

Another related question: Can I assume that with the editwrx cgi files sitting in cgi-bin with the permissions set to 755 my site is secure because of the editwrx username/password required there?

Last edited on Thu May 22nd, 2008 05:53 am by pjc_nw
Keith
Moderator
 

Joined: Fri Apr 8th, 2005
Location:  
Posts: 603
  Posted: Fri May 23rd, 2008 10:33 pm
 Quote  Reply 
Basic Authentication does not provide a way to pass the username and password on to other programs. That's an inherent safety parameter buit-in to Basic Authentication.

On Apache, either give the files in /library/data folder only 0600 permissions, set the /library/data folder's permissions to 0700, or create an .htaccess file in /editwrx with

<files *.txt>
Order allow,deny
Deny from all
</files>

in it and editwrx is safer than Basic Authentication.

 Current time is 11:46 pm




Powered by WowBB 1.62 - Copyright © 2003-2004 Aycan Gulez