Securing Your Web Pages with Apache Page 2
In Web terms, and Apache terms in particular, discretionary controls are based on usernames and passwords, and mandatory controls are based on things like the IP address of the requesting client.
Another way to keep discretionary versus non-discretionary controls straight is to think about the way failures are handled: if you fail a discretionary check (such as if you misspell your password), you get another chance -- but if a mandatory check fails, you get a 'forbidden' error rather than 'not authorised,' and there's no way to say "give me another chance" without starting from scratch and requesting the page again as though for the first time. And unless something's changed on the server, even retrying isn't going to make a difference; you'll still be locked out.
Authentication versus Authorisation
Authentication is the process of verifying that credentials are correct -- that is, that the username is in the database and the password is correct for the username. Authorisation is the process of checking to see if a validated client is permitted to access a particular resource. For instance, Bob may have correctly supplied his username and password, but still not be able to access Jane's file because she hasn't included him in the authorisation list for it.
In Apache, almost all of the security-related modules (see a later section for a list) actually do both. The main feature that distinguishes them from each other is their authentication aspect; mostly, they let you store the valid credential information in one format or another. mod_auth, for instance, looks in normal text files for the username and password info, and looks in a DBM database for it. They handle the authorisation side of their task in essentially identical ways, however.
The security modules are passed the information about what authentication databases to use via directives, such as
The resource being protected is determined from the placement of the directives in the configuration files; in this example:

    <Directory /home/johnson/public_html>
        <Files foo.bar>
            AuthName "Foo for Thought"
            AuthType Basic
            AuthUserFile /home/johnson/foo.htpasswd
            Require valid-user
        </Files>
    </Directory>
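As an added example (not from the article or from Apache itself), a small Python model of the check order behind a block like the <Files foo.bar> one above: a mandatory client-address check, Basic authentication against a '{SHA}' htpasswd file, and the Require step. The htpasswd entries, the allowed network and the client addresses are constructed; the article's configuration has no address restriction, so the IP check stands in for the mandatory control it describes.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed stand-in for /home/johnson/foo.htpasswd, in the '{SHA}' format
# that `htpasswd -s` writes; the users and passwords are made up.
def sha_htpasswd_entry(user, password):
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

HTPASSWD = "\n".join([sha_htpasswd_entry("johnson", "correct horse"),
                      sha_htpasswd_entry("bob", "hunter2")])

def load_htpasswd(text):
    """Parse 'user:hash' lines into a dict."""
    return dict(line.split(":", 1) for line in text.splitlines() if ":" in line)

def basic_header(user, password):
    """Build the Authorization header a browser sends for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def authenticate(users, header):
    """Authentication: return the username if the credentials check out, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    stored = users.get(user)
    if stored is None or not stored.startswith("{SHA}"):
        return None
    expected = sha_htpasswd_entry(user, password).split(":", 1)[1]
    return user if hmac.compare_digest(expected, stored) else None

def decide(client_ip, header, users, allowed_net, require_users=None):
    """Model of the check order: mandatory address check, then authentication,
    then authorisation. Returns (status, detail)."""
    # Mandatory: a 403 here is final; different credentials will not change it.
    if ipaddress.ip_address(client_ip) not in ipaddress.ip_network(allowed_net):
        return 403, "client address not allowed"
    # Discretionary: a 401 carries a fresh challenge, so the client gets another try.
    user = authenticate(users, header)
    if user is None:
        return 401, 'WWW-Authenticate: Basic realm="Foo for Thought"'
    # Authorisation: 'Require valid-user' (require_users=None) accepts anyone who
    # authenticated; a 'Require user ...' list does not, and the client is
    # challenged again so a different account can be offered.
    if require_users is not None and user not in require_users:
        return 401, f"{user} authenticated but not authorised"
    return 200, f"OK as {user}"
```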