Monday, June 17, 2019

Web security authentication and authorization Research Paper

Authentication Mechanism

If a particular resource needs to be protected using the basic authentication mechanism, the Apache server sends a header containing a 401 authentication status in response to the request. The user then enters credentials, consisting of a username and password, for the resource to be returned as requested. Moreover, as soon as the 401 response header is received by the web browser, it asks the user to specify a username and password in order to authenticate the user. Similarly, the server checks the credentials against the safe list; if they are present, the resource is made available to the user.

Securing the Contents

For any individual resource on a web server, the methodology for securing contents consists of the steps needed to configure basic authentication. The first step is to create a password file. The second step is to set up the configuration so that the server can locate the file containing the passwords, i.e. the password file. Moreover, the first step determines the valid user credentials, each consisting of a username and password. Likewise, the credentials provided by the user are matched against the list of valid usernames and passwords. The password file is created on the server to validate legitimate users. However, the password file is a delicate and confidential piece of information and must be stored outside of the document directory in order to eliminate any potential threats from hackers or viruses.

To create a password file, a utility named htpasswd is executed. htpasswd is used to create and update the flat files that store usernames and passwords for basic authentication of HTTP users.
If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes (htpasswd - Manage user files for basic authentication - Apache HTTP Server). This utility is located in the bin directory of Apache. For instance, it is available at /usr/local/apache/bin/htpasswd. To create the password file, the following command is executed:

    htpasswd -c /usr/local/apache/passwd/passwords username

After the command is executed, htpasswd prompts the user for the password. Once the password has been provided, the file is created. To add a new user to the password list, the following command is executed:

    htpasswd /usr/local/apache/passwd/passwords testuser

This command adds the user's credentials to the password file. In addition, the username testuser was already created earlier on the web server. After the password file has been created, Apache is configured with the required directives. The directives are placed in an .htaccess file, in a directory associated with the server configuration.

Web Contents Prevention

In order to maintain a sophisticated web server, web content prevention is essential to ensure the safety of the web contents available on the web server. Apache digest authentication is made for this purpose. It is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller (What is digest authentication? - Definition from WhatIs.com). Digest authentication is implemented by the module named mod_auth_digest. This mechanism never transmits the passwords across the network. Instead, the passwords are transmitted as MD5 digests, eliminating attacks such as sniffing the network traffic for passwords.
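The difference between what basic and digest authentication put on the wire can be shown in a few lines. This is an added example, not code from the original paper or from Apache; the function names, credentials, realm and nonces are constructed, and the digest calculation follows the RFC 2617 qop=auth formula, which the paper does not spell out.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    # Basic auth: the credentials are only base64-encoded, not protected.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(header):
    # What a captured Basic header yields to anyone who reads it.
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password

def htdigest_entry(user, realm, password):
    # Digest password-file line: user:realm:MD5(user:realm:password)
    return f"{user}:{realm}:" + md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce):
    # RFC 2617, qop=auth: MD5(HA1:nonce:nc:cnonce:auth:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_verify(entry, method, uri, nonce, nc, cnonce, response):
    # The server recomputes the response from its stored HA1 and the
    # nonce it issued, then compares in constant time.
    ha1 = entry.rsplit(":", 1)[1]
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not from the original page).
USER, REALM, PASSWORD = "testuser", "Restricted Files", "constructed-password"
NONCE, NC, CNONCE = "constructed-server-nonce", "00000001", "constructed-client-nonce"

if __name__ == "__main__":
    print("Basic header decodes to:", decode_basic(basic_header(USER, PASSWORD)))
    entry = htdigest_entry(USER, REALM, PASSWORD)
    ha1 = entry.rsplit(":", 1)[1]
    resp = digest_response(ha1, "GET", "/private/", NONCE, NC, CNONCE)
    print("Digest response on the wire:", resp)
    print("Server accepts:", server_verify(entry, "GET", "/private/", NONCE, NC, CNONCE, resp))
```

The stored MD5(user:realm:password) value is sufficient to compute a valid response for that realm, so the digest password file needs the same protection outside the document directory as the basic one.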
Some steps are required to enable digest authentication on the Apache web server. Likewise, the configuration for digest authentication is quite similar to that for basic authentication. The first step involves the creation of a password file. The command executed for the creation
