organic-search-analytics
organic-search-analytics copied to clipboard
PromInc
Password Protecting or Restricting Access
Hi there,
If the application is deployed in a public facing setting. How do we protect unauthorized access to this information and application? Please advise what would be the recommended approach i.e. .htaccess or another type of application.
Warmly Own
Yes, this is a valid concern.
Many moons ago I had worked on adding a user authentication portion to this project. Sadly I don't see the branch I thought I had saved it to and I'm drawing a blank on where I would have stored that code... So adding this functionality into the tool will require starting from scratch at this point.
But to your point you can simply add a directory level authentication in Apache. It's a pretty basic method of doing this but very effective. There are many resources on the web for adding password protection via Apache but here is a good example on how to set it up. http://www.htaccesstools.com/articles/password-protection/
The app is currently delivered via public_html folder. It seems when I add a directory level restriction I encounter the following errors: Error displaying the error page: Unable to load renderer class: View not found [name, type, prefix]: category, php, contentView
Please advise thanks!
On Wed, May 3, 2017 at 9:13 PM, PromInc [email protected] wrote:
Yes, this is a valid concern.
Many moons ago I had worked on adding a user authentication portion to this project. Sadly I don't see the branch I thought I had saved it to and I'm drawing a blank on where I would have stored that code... So adding this functionality into the tool will require starting from scratch at this point.
But to your point you can simply add a directory level authentication in Apache. It's a pretty basic method of doing this but very effective. There are many resources on the web for adding password protection via Apache but here is a good example on how to set it up. http://www.htaccesstools.com/articles/password-protection/
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/PromInc/organic-search-analytics/issues/49#issuecomment-299077104, or mute the thread https://github.com/notifications/unsubscribe-auth/AbCqan8Vh0xBjt_pw8mb71XIo0bDw93Qks5r2SZXgaJpZM4NPlDq .
I'm afraid I'm not much help on this issue... The message does not feel like it would be coming from the codebase supplied in this repository - it feels to me that this is more of a system level/apache error on some level. That theory could be easily tested by creating a second directory with restrictions on your server with just a simple html file in it and see if you get the same error.
I'm not sure that I have much more knowledge on this issue. If your files are directly in the public_html folder (and not a subfolder) that may be an issue as well - try moving to a subfolder? That's about all I can think of off the top of my head.
I would recommend using HTTP Basic Auth to restrict access for the reporter and not adding user admin / permissions to the project directly.
