Default directory | The default data directory limits the directories from which files can be retrieved. Note that you can expand this by adding virtual directories. |
---|---|
Limiting access to configuration tools | You can use the SECURITY_LEVEL parameter to prevent outside users from running the remote configuration tools. Or, you can disable any use of these configuration tools (by default, access is only permitted to a client running a browser on the server machine). In addition to the SECURITY_LEVEL parameter, the powerful, hence potentially dangerous, MANAGER and _COMMAND addons can be disabled. Note that both MANAGER and _COMMAND are installed in a disabled state. |
Access control on a resource-specific basis | Some resources on your web site can be open to the public, some resources can be open to all registered users, and some resources can only be available to specified subsets of these registered users. |
Access control on a file-specific basis | If the HTACCESS method of access control is enabled, SREhttp/2 will check special .HTACCESS files for directory-specific username & password information. In fact, requests can be subject to both resource-specific (using required privileges and client privileges) and HTACCESS (requiring directory-specific username & password information) access controls -- just be sure to coordinate the usernames and passwords used by both methods (since each method stores username & password information in different places). |
Authentication | SREhttp/2 supports both "basic" and digest authentication. In addition, SREhttp/2 supports dynamic passwords -- an emulation of digest authentication that is usable by JavaScript-aware HTTP/1.0 browsers. |
Access denied response | If access is denied, a generic & simple, or a customized failure file, or a selector-specific failure file can be used to form an authorization response. Alternatively, SREhttp/2 can detect & deny access to clients repeatedly hitting your site with different phony usernames & passwords. |
40 bit encryption | SREhttp/2 supports several forms of 40-bit encryption of content. |
Probing attacks | Probing attacks, where an attacker randomly requests common system files, can be detected & thwarted. |
Dynamic privileges | Dynamic (short duration) privileges can be awarded on a request-specific basis -- this can be used to support multiple accounts, or to grant temporary access to resources (say, to allow access to images only after an introductory page has been viewed). |