StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...

Web security authentication and authorization - Research Paper Example

Cite this document
Summary
Authentication Mechanism If a particular resource needs to be protected,using elementary authentication mechanism,Apache server sends a header including “401 authentications” in repose to the request. As the user enter credentials,consisting of username and password,for the resource to be returned as requested…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.5% of users find it useful
Web security authentication and authorization
Read Text Preview

Extract of sample "Web security authentication and authorization"

Download file to see previous pages

Authentication Mechanism If a particular resource needs to be protected,using elementary authentication mechanism,Apache server sends a header including “401 authentications” in repose to the request. As the user enter credentials,consisting of username and password,for the resource to be returned as requested. Moreover, as soon as 401 response headers receive by the web browser, it asks the user to specify username and password in order to authenticate the user. Similarly, the server will check the credentials in the safe list, if they are available; the resource is made available to the user.

Securing the Contents For any individual resource on a web server, the methodology for securing contents includes actions in terms of step to configure elementary authentication procedures. The first step would be to create a password file. The second step is to determine the configuration in order to obtain the file containing passwords i.e. the password file. Moreover, the first step is to determine valid user credentials, consisting of username and password. Likewise, the credentials provided by the user are matched successfully to a valid username and password lists.

The password file is created on the server to validate legitimate user authentication mechanism. However, the password file is a delicate and confidential piece of information and must be stored outside of the document directory in order to eliminate any potential threats from hackers or viruses. For creating a password file, a utility names as “htpasswd” is executed. It is “htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users.

If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes” (Htpasswd - manage user files for basic authentication - apache HTTP server ). This utility is located in the “bin” directory of the Apache. For instance, it is available in /usr/local/apache/bin/htpasswd. However, for the creation of the file, certain commands are executed. For example, to create a password file these commands are executed: ‘htpasswd – c /user/local/apache/passwd/passwords username’ After executing the command, ‘htpasswd ’ will prompt the user for the password.

Furthermore, after providing the password, the file is created. In order to add a new user to the password list, following command is executed: ‘htpasswd /usr/local/apache/passwd/passwords testuser’ This command will add this user credentials to the password file. In addition, the user name, named as ‘testuser’ is already created earlier on the webserver. After the creation of the password file, Apache configuration is conducted with the required directives. The directives are located in an ‘.

htaccess’ file, on a particular directory associated with server configuration. Web Contents Prevention In order to maintain a sophisticated web server, web content prevention is essential to ensure the safety of web contents available on the web server. Apache ‘digest authentication’ is made for this purpose. It is a “method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller” (What is digest authentication?

- definition from whatis.com ). The command ‘digest authentication’ is executed on the module named as ‘mod_auth_digest’. This utility will never transmit the passwords across the network. In fact, these files are transmitted via MD5 digested passwords, eliminating attacks such as sniffing the network traffic for passwords. There are some steps incorporated in order to accomplish this utility from the Apache web server. Likewise, the configuration for digest authentication is quite similar to the basis authentication.

The first step involves the creation of a password file. The command executed for the creation

...Download file to see next pages Read More
Tags
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Web security authentication and authorization Research Paper”, n.d.)
Retrieved from https://studentshare.org/information-technology/1407978-web-security-authentication-and-authorization
(Web Security Authentication and Authorization Research Paper)
https://studentshare.org/information-technology/1407978-web-security-authentication-and-authorization.
“Web Security Authentication and Authorization Research Paper”, n.d. https://studentshare.org/information-technology/1407978-web-security-authentication-and-authorization.
  • Cited: 0 times

CHECK THESE SAMPLES OF Web security authentication and authorization

A Logic of Authentication

hellip; March 11, 2011 Conclusion 16 1 Chapter 1 Abstract In various distributed systems, authentication protocols constitute the very foundation of network security.... The logic allows people to formally describe the beliefs of trustworthy parties involved in these authentication protocols, thus uncovering subtleties, redundancies and flaws through an analysis of the protocols' syntax and semantics.... This paper is based on the article ”A Logic of authentication” published in 1989 by the authors Michael Burrows, Martin Abadi and Roger Needham, University of Cambridge....
16 Pages (4000 words) Essay

Reauthorization Act of the Higher Education Act

The consequence of this authorization is that colleges that are presently offering distance learning programs in all states will have to acquire authorization in each of those states.... authorization agencies at the state level are recognized in all the fifty states and nine U.... It is not in all states that accreditation is required as part of its authorization process and a small number of agencies by now need to be authorized in terms of physical presence....
5 Pages (1250 words) Research Paper

Authentication of the Modern Generation

Requirements in the previous two sentences imply the requirement for robust directory, authentication and authorization systems.... The research in Universal authentication will definitely result in improving the betterment of an individual's assets to this secure e-world.... hellip; In a homogeneous IT infrastructure or at least where a single user entity authentication scheme exists or where the user database is centralized, single sign-on is a visible benefit....
7 Pages (1750 words) Term Paper

Authenticating iOS devices to join the Active Directory Domain

Closely associated with this is the Lightweight Directory Access Protocol (LDAP) which will be employed to utilize its security and access features.... losely associated with this is the Lightweight Directory Access Protocol (LDAP) which will be employed to utilize its security and access features....
10 Pages (2500 words) Essay

A Logic of Authentication

This work called "A Logic of authentication" describes Burrows, Abadi, Need-ham (BAN) logic, various security protocols.... From this work, it is clear that authentication protocols functioned correctly and more efficiently after the implementation of such logic.... The logic allows people to formally describe the beliefs of trustworthy parties involved in these authentication protocols, thus uncovering subtleties, redundancies, and flaws through an analysis of the protocols' syntax and semantics....
16 Pages (4000 words) Coursework

Authenticating iOS Devices to Join the Active Directory Domain

nbsp;The technology offers invaluable tools with which we can establish network systems that deliver services to its users with unparalleled convenience and security.... Fortunately, technology offers invaluable tools with which we can establish network systems that deliver services to its users with unparalleled convenience and security.... Closely associated with this is the Lightweight Directory Access Protocol (LDAP) which will be employed to utilize its security and access features....
10 Pages (2500 words) Literature review

Net Work Security: Kerberos and Key Management

As used in this project, Kerberos is an authentication protocol which was developed by MIT.... As used in this project, Kerberos is an authentication protocol which was developed by MIT.... Kerberos is usually embedded in windows 2000 as a default for its authentication.... This access provider protocol stands for authentication, access control and auditing.... But only the authentication is available currently in the market while the other segments (access control and auditing) are not supported....
18 Pages (4500 words) Essay

Privacy of Data at Web Server

o abet the security issues that may arise in the process of collection, storage and use of this individual information, the state in conjunction with IT experts have drafted and enacted several legislations to enhance privacy of information and data.... … web server.... The organizations are moving from manual storage of data to electronic storage and web server....
12 Pages (3000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us