Security

From HE FAQ
Jump to: navigation, search

This information only pertains to Hurricane Electric's Shared Web Hosting package. There may be different information in our other categories.

Can I password protect access to my Web pages?

Yes, if you have a "Starter Virtual Host" or above.

Please note that password protecting directories is not enabled for "Simple Virtual Host" accounts.

A list of features for each account type is available here:

http://he.net/web_hosting.html

If you need this feature, please email support@he.net to request an upgrade of account type.

How do I password protect access to my Web pages?

You can restrict access to people that you put in a password file by using the .htaccess method (Apache & NCSA) method of limiting access. Please see this .htaccess demo.

CGI scripts could be written to help maintain the password file if you wanted to provided a administration function through a web browser. Alternatively you could put all of the passwords and account names in a text file and write a Perl script to convert the plain text passwords and names into the proper format.

Who sets file permissions?

You do.

Is there any way to create multiple password access to certain areas of my directory.

We support the .htaccess method as documented in our .htaccess demo.

Is it possible to have my password changed to something I could remember?

Our security policy requires that you respect the good password selection rule of avoiding using English words as your password in the interests of a minimum level of security. A good password must be at least 7 characters in length and should contain at least one letter and at least one number. Passwords should not be based upon common sayings or anything recognizable.

You may change your password. However, if you do change it, please make sure to follow our password creation guidelines.

To change your password, log into the https://admin.he.net account management system and click on "Issue New Password" from the list of commands.

If you do not want your account information to be emailed to you, you can SSH into the server on which your account is hosted and change the account password using the passwd command.

There is a way to come up with a password you can remember that meets our guidelines. If you think of a sentence of about seven words that has a number in it, and take the first letters of the words, and using the number instead of the word for the number, you have a password that you can remember as long as you remember the sentence. For example, a good sentence might be "One fine day, I picked a password." This would translate to "1fdIpap" (one is a number, isn't it?), which looks like utter gibberish, but can be remembered, because you know the sentence. When you need to enter your password, just think of the sentence, which can be as weird or wacky as you want it to be.