Announce: CHWEB - Secure Web pages with respect to file system
Greg Johnson
You can use .htaccess, CGI, or other mechanisms to restrict Web access.
Though restricted with respect to the Web, your file must be accessible to
the Web server. This typically exposes it to anyone who can login to that
server and enter a command like "more ~theboss/www/top-secret.html".
CHWEB is a setuid root Unix command that makes a file or directory
accessible to its owner, a server, and root but no one else. I've tested
it on NCSA 1.3 & 1.4, on AIX, IRIX, and NeXTSTEP systems. It's simple and
should port easily to other Unix systems and probably other HTTP servers.
It requires no mods to the server. Get it at:
http://www.phlab.missouri.edu/~ccgreg/chweb.tar.gz
The best secure access uses encryption. Even so, some proposed forms of
Web authentication encrypt via the Web server and still require something
like chweb to shut the file system door.
I'd appreciate your comments and suggestions, and will probably appreciate
questions. Mailto: ccg...@showme.missouri.edu