This page gives you an introduction to Web security. We give you
a sample username and password to try out.
For more information on setting up your own security using
NCSA HTTPD, see this tutorial at
wintermute.ncsa.uiuc.edu
If you have any comments, please E-mail them to me:
<mhp@lightlink.com>
Max Parke
Not all Web browsers provide user authentication. If yours doesn't,
you're out of luck here. I have defined "SAMPLE PROTECTED
DOCUMENT" as protected, meaning that the Web server won't
allow anyone to read it without proper identification.
Some browsers handle authentication poorly. If you switch from one
document to another, and they have different passwords, the browser's
response can be confusing. One leading browser will display
`Authorization failed. Retry?'
when this happens. You should click YES if this
happens, then enter the username and password for the new document.
In extreme cases, you may have to reload the protected page, especially
if you had previously responded NO to the
`Authorization failed. Retry?'
message.
The username you should enter when asked is sample
The password is secret
Click here for SAMPLE PROTECTED DOCUMENT
Although the example shown above is not equipped to demonstrate them,
here are some other things you can do with Web security:
- SIGNON ACCESS CONTROL
In the example above, you entered a username and password to access
a protected document. Username/password security can be
used to protect Web applications as well as documents. For example, the
username itself could be used by the server to decide what application
or document to display next. In this way, you can have customized signon
menus for each different user (or group, see below).
- WEB PAGE GROUPS
You can organize your Web documents and/or applications into
groups which can be managed as a single entity for
security purposes. For example, you might have public documents (e.g.,
brochures) which everyone can access, a group of private forms for the
office, and private libraries accessible only to researchers.
- USER GROUPS
Users can also be grouped, and access restrictions can be applied either
on a user basis or a group basis. For example, a CEO might belong to
all user groups, and thereby have access to all of the company's
Web resources.
- FOREIGN HOST SECURITY INTERFACE
Many companies already have invested significant effort in
building security (i.e., ID, password, and user/application groups)
into their networks. These security databases (for example IBM's
RACF) can be interfaced to the Web. In this way, the security clearance
function would be performed by the foreign host, eliminating the
need to manage and maintain a redundant Web security database.
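The page-group and user-group checks described above, as an added example (not code from this page or from NCSA HTTPD). It assumes the username/password prompt is HTTP Basic authentication; the group names, path prefixes and the `ceo` account are constructed for illustration.

```python
import base64
import hashlib
import hmac

SALT = b"demo-salt"  # constructed; a real store uses a random salt per user

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data: only salted hashes are stored, never passwords.
USERS = {"sample": _hash("secret"), "ceo": _hash("corner-office")}
USER_GROUPS = {"office": {"ceo", "sample"}, "research": {"ceo"}}
# Page groups: path prefix -> user group required (None means public).
PAGE_GROUPS = {"/brochures/": None, "/forms/": "office", "/library/": "research"}

def basic_header(user, password):
    """Build the header a browser sends. Base64 is encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    try:
        scheme, token = header.split(" ", 1)
        if scheme.lower() != "basic":
            return None
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, AttributeError):
        return None
    user, _, password = decoded.partition(":")  # password may contain ':'
    return user, password

def authorize(path, auth_header=None):
    """Return the HTTP status the server would send for this request."""
    for prefix, group in PAGE_GROUPS.items():
        if path.startswith(prefix):
            break
    else:
        return 404
    if group is None:
        return 200  # public page group, no identification needed
    creds = parse_basic(auth_header) if auth_header else None
    if creds is None:
        return 401  # missing or malformed credentials: challenge the browser
    user, password = creds
    stored = USERS.get(user, b"")  # unknown users still cost one hash
    if not hmac.compare_digest(stored, _hash(password)):
        return 401
    return 200 if user in USER_GROUPS[group] else 403
```

Because the header is only Base64-encoded, anyone who can read the traffic recovers the password, so this scheme needs an encrypted transport underneath it.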
© Copyright 1995, Max H. Parke <mhp@lightlink.com>