Mini SQL 2.0

Beta

W3-Auth : Access Control and Authentication



Introduction

W3-auth provides a facility by which you can restrict access to file accessed via W3-mSQL based on username/password and also by the location of the client machine. It should be noted that it only restricts access to pages processed by the W3-mSQL CGI program, not to every page on your web server.

W3-auth provides a web based interface to the management and configuration of your security policy. Access is via the w3-auth CGI program usually located at /cgi-bin/w3-auth on your web server.



Concepts

Namespaces

As hosting of web pages by ISP's and web providers becomes the norm, it is quite probable that a single machine may house W3-mSQL based applications for several companies. If the administration and management of usernames for access to web based applications is stored in a single place, there is a potential for "clashes" in the usernames required by the various customers. For example, if both XYZ Corp. and Acme Inc. had W3-mSQL based applications on a single machine, there exists a potential that both XYZ and Acme will want to have a user called 'bill'. If both companies hace to share a username/password facility then it is obvious that there can only be one user called 'bill' and that the company that requested the username second would have to be rejected (i.e. you can't have 2 users with the same username on a single UNIX machine).

To overcome this problem, W3-auth supports multiple "namespaces" for the definition of usernames. In the situation above, a namespace would be created for both XYZ and for Acme. The fact that both companies want to have a user called 'bill' is no longer a problem as one 'bill' will be in the XYZ namespace and the other 'bill' will be in the Acme namespace. W3-auth treats these users as totally different users (i.e. they can have different passwords and access levels etc).

The concept of namespaces is used throughout W3-auth to distinguish between users and web pages "owned" by different organisations.

Secure Areas

User Groups