Security is a big issue when it comes to computers these days and can mean different things to different people. To an administrator it can mean asking: Is the server locked down, and is the software up to date and free of any known vulnerabilities? To an application developer, it might mean that the user has been verified and that the customer data has been stored in a safe, reusable manner. To the user of the web site it could mean that personal data remains in limited hands and is encrypted while in transit to limit eavesdropping.

All of these are valid, fundamental concerns. However, from the Apache web server's perspective all of these issues come down to three basic concepts: authentication, authorization, and access control.

■ Authentication is any process by which the web site verifies the identity of a user, that is, confirms that they are who they claim to be.

■ Authorization is any process by which someone is allowed to gain access to information that they want to have.

■ Access control is the process of limiting users' access to information that they are not permitted to access.

With the basic web server setup these processes are managed by the Apache modules mod_auth and mod_access. You can use these modules' configuration directives in the main server configuration file, httpd.conf, or in per-directory configuration files, .htaccess.
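The following configuration is an added illustration, not part of the original article. It shows how the three concepts map onto mod_auth and mod_access directives, first in httpd.conf and then delegated to a .htaccess file. The directory paths, realm names, password file location and the 192.168.1 network are assumptions made up for the example.

```apache
# ---- httpd.conf (main server configuration) ----
# Constructed example: all paths, realm names and addresses are assumptions.

<Directory "/var/www/html/private">
    # Access control (mod_access): Deny rules are evaluated first, then
    # Allow rules, so only hosts on the internal network get through.
    Order deny,allow
    Deny from all
    Allow from 192.168.1

    # Authentication (mod_auth): ask for a user name and password and check
    # them against a password file stored outside the document root.
    # Basic authentication does not encrypt the password in transit, so
    # serve this directory over SSL.
    AuthType Basic
    AuthName "Private Area"
    AuthUserFile /etc/httpd/conf/.htpasswd

    # Authorization: any user who authenticated successfully may enter.
    Require valid-user

    # Both the host check and the user check must pass.
    Satisfy all

    # Ignore .htaccess files here so they cannot weaken these settings.
    AllowOverride None
</Directory>

# Delegating the same controls to a per-directory file:
<Directory "/var/www/html/team">
    # AuthConfig permits the Auth* and Require directives in .htaccess;
    # Limit permits Order, Allow and Deny.
    AllowOverride AuthConfig Limit
</Directory>

# ---- /var/www/html/team/.htaccess (per-directory configuration) ----
Order deny,allow
Deny from all
Allow from 192.168.1
AuthType Basic
AuthName "Team Area"
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user
Satisfy all
```

Changes to httpd.conf take effect after a server restart, while .htaccess files are read on each request.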
