MyWebServer

Site Security - Assigning User ID's and Passwords

 

Security Levels
Depending on your needs, you may or may not want user ID and password security on your personal web site.

No Security
This is the default way MyWebServer is installed. No passwords are required to access your MyWebServer site. Remote administration is not possible without at least an Admin user ID and password. This is probably fine if you want to keep your server secret and just use it yourself with IP addresses like http://123.43.26.111, where 123.43.26.111 is your current IP address: there are over 4 billion possible IP addresses, so the chance of someone guessing yours is pretty small. However, hackers and hacker tools may know the IP address range of your Internet Service Provider and be able to scan it for servers that are listening for connections, and so get into your site.

Secret Port Number
You can activate a second web server on your computer at a port number other than 80, which is the port number HTTP web browsers normally use to get web pages from HTTP web servers. If you enable your second web server and set the second server's port number to 9600, for instance, users could access your second server with a URL like http://123.43.26.111:9600, where 123.43.26.111 is your current IP address. There are around 32000 possible port numbers, so it might be hard for someone to guess yours. However, a common tool hackers use is called a port scanner, which scans a computer's address for open or listening ports by trying to connect to each port in turn.

User ID And Password Security
User ID and password security can be added to either of MyWebServer's 2 servers independently. In order for someone to access your web site, they would be required to enter a user ID or user name and a password. This way you can limit who can read and download the files you have placed within the Root Directories of your servers.


Enabling MyWebServer's User ID And Password Security

Starting The Password Manager
Click on the Passwords button in the MyWebServer Control Panel or select Add Or Change Passwords from MyWebServer's popup menu to start the Password Manager program.

Enabling User ID And Password Security
Click on Enable Password Authentication For Server 1 or Enable Password Authentication For Server 2 to require that the correct user ID or name and password be entered before access is allowed.

Adding Users
Click on the Add Button in the My Web Server Password Manager window. A dialog box will appear in which you can enter the user ID or name and password you want to add. Click the OK Button. You will see that the user that you just added is now visible in the Users List in the My Web Server Password Manager window.

Changing Users' Passwords
Click on the user whose password you would like to change in the Users list in the My Web Server Password Manager window. Click on the Modify button. A dialog box will appear displaying the old password. Change the old password to the new password and click the OK button. The password has now been changed for this user.

Deleting Users
Click on the user you would like to delete in the Users list in the My Web Server Password Manager window. Click on the Delete button. The user has now been deleted.

Quitting From The Password Manager
Click on the Done button when you are done adding Users or changing Passwords.


Accessibility of Your Files
MyWebServer is a file server and can transfer files which are located within the MyWebServer Root Directory from your computer to other computers. User ID and password protection can control who has access to read or download these files.

Vulnerability To Uploaded Files
MyWebServer can also receive files that are uploaded from users' web browsers if you enable File Uploads. The files are saved in a directory you specify, which can be outside of the MyWebServer Root hierarchy if you desire. The files are received and stored in a MIME format, which cannot be run on your computer until the file is extracted from its MIME wrapper. There is no way for an uploaded file to be executed remotely because of this MIME wrapper. Nevertheless, you should never set your file upload directory to be your cgi-bin directory, which is where files must be located in order to be executed remotely.

Vulnerability To Data Posted From Web Forms
MyWebServer can also receive data that is uploaded from a web-based form if you enable Generic Posts. The form data is saved in files in a directory you specify, which can be outside of the MyWebServer Root hierarchy if you desire. The files are received and stored in a text format, which cannot be run on your computer by any known scripting language. There is no way for an uploaded file to be executed remotely because of its formatting. Nevertheless, you should never set your posting location or message location directory to be your cgi-bin directory, which is where files must be located in order to be executed remotely.

Vulnerability to Unknown CGI Programs and Scripts
MyWebServer is relatively safe from outside attacks, but you need to be aware that enabling CGI programs and placing unknown CGI programs or scripts inside your cgi-bin directory makes your whole computer accessible to those rogue CGI programs or scripts. So you really need to know and trust where the scripts or programs came from, or you need to be able to read and understand the scripts so you can verify that they do not do anything evil.


If You're Still Afraid, Good. Follow These Guidelines

Choose your root directory carefully. Don't set it to the C drive "C:\" unless you have nothing to hide. By controlling what is in the Root Directory, you control what files MyWebServer makes available to others. No directory above your MyWebServer Root directory is available through MyWebServer, so these directories are safe from users' and hackers' prying eyes.

Don't put anything you don't want to share inside the web root directory or one of its subdirectories, unless you have created user IDs and passwords to grant access to those files only to the people you have specifically given user IDs or user names and passwords to.

Don't allow uploads, posts or messages to the cgi-bin directory.

Don't even Enable CGI programs or scripts unless you have to.

Only install and use CGI programs or scripts you have read and understood or CGI programs or scripts from authors you trust.

CGI programs or scripts are virtually the only means by which ROGUE programs can permanently affect your computer. We cannot stress enough the care that must be exercised when deploying them on your computer. One sure way to get quality scripts and CGI programs is to download them from this web site's Official Download Area. We will make an effort to make sure that all the CGI scripts and programs available in this area have been screened and checked for safety to your computer. We have no way of testing the scripts that are generally available on the internet or through the web sites listed in our Tools area.

Don't even create a user ID for a user named Admin. Without an Admin user, remote administration of MyWebServer is disabled completely.
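
One way to check the directory guidelines above before enabling uploads, posts or CGI. This is an added example, not part of MyWebServer or its documentation; the paths are constructed and passed in as arguments because this page does not describe where MyWebServer stores its settings. It also treats subdirectories of cgi-bin as off limits, which goes a step beyond the guideline as written.

```python
import ntpath  # Windows path rules, usable on any operating system


def norm(path):
    """Canonical form for comparison: resolve '..', unify slashes, fold case."""
    return ntpath.normcase(ntpath.normpath(path))


def is_within(child, parent):
    """True if child is the parent directory itself or lies beneath it."""
    child, parent = norm(child), norm(parent)
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")


def audit_paths(root, cgi_bin, writable):
    """Return a list of findings; an empty list means the guidelines are met.

    root     -- the server Root Directory
    cgi_bin  -- the directory CGI programs are executed from
    writable -- {setting name: directory} for uploads, posts and messages
    """
    findings = []
    # A root such as C:\ exposes every file on that drive.
    _drive, tail = ntpath.splitdrive(norm(root))
    if tail in ("", "\\"):
        findings.append(f"root directory {root!r} is a whole drive")
    # Anything a remote user can write must stay out of the executable area.
    for name, path in writable.items():
        if is_within(path, cgi_bin):
            findings.append(f"{name} directory {path!r} is inside cgi-bin")
    return findings


if __name__ == "__main__":
    # Constructed sample settings (assumed paths, not MyWebServer defaults).
    sample = {
        "upload": "C:/MyWebServer/wwwroot/../CGI-BIN/incoming",  # bad
        "post": r"D:\webdata\posts",                             # fine
        "message": r"C:\MyWebServer\cgi-bin",                    # bad
    }
    for finding in audit_paths("C:\\", r"C:\MyWebServer\cgi-bin", sample):
        print("WARNING:", finding)
```

The comparison is done on normalized, lower-cased paths, so a setting that reaches cgi-bin through ".." or different letter case is still caught.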

 
 
