Monday, 29 March 2010

Web Server TinySSL

TinySSL is a Secure Sockets Layer (SSL v2/v3) and Transport Layer Security Web Server Daemon based on TinyWeb. TinySSL comes under the same licence as for TinyWEB and is FREE for commercial and non-commercial use.

NOTE: SSL is covered in the second part of the course; TinySSL is useful, even without SSL, for "playing" with BASIC authentication (which is not supported by TinyWeb); if you are not interested in SSL, skip everything and go directly to:

Access Authentication

TinySSL supports Basic Access Authentication (rfc-2068), which is configured in the realms.cfg file. Passwords are stored as MD5/DES-hybrid hashes (also called digests), so no cleartext reusable passwords need to be kept in realms.cfg. Each line of the file describes a single realm and has the following format:

ListOfURLs RealmName User1 User2 User3 User4 ....
ListOfURLs is a pipe-separated list of URLs belonging to the specified realm, RealmName is the name of the realm as per rfc-2068, and UserN is a user name and the hash of a password. To produce a hash, run the str2key.exe utility, passing the password as a command line parameter (no space characters are allowed). As you can see, you may assign several users and URLs to a realm. If you do not need access authentication, simply leave realms.cfg empty (but do not even think of deleting it). The sample file with two realms looks like this:

/cgi-bin/*|/view.html|/edit.html Operations mickey|7a4064683b98bf5e
/photos.html Photos ronnie|4f1fab620816ea8a coolman|f1578aa107bc4aef
Here user mickey will have access to the Operations realm and will be able to retrieve /cgi-bin/*, /view.html and /edit.html; users ronnie and coolman will have access to the Photos realm with /photos.html.
The str2key.exe utility produces a hash in the following steps: it applies the MD5 algorithm to the password string; the resulting 128 bits are split into two 64-bit blocks; 56 bits from one block are used as a DES key to ECB-encrypt the 64 bits of the other block; the 64 bits produced by the DES encryption are taken as the hash.
Changing realms.cfg without restarting the server is allowed. TinySSL will reload the file if it was modified since the last load.
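As an added example (not part of TinySSL or of the original post), the following Python sketch parses the realms.cfg format described above, reports which realm protects a given URL, and lists accounts that share a hash; the hashing steps described above use no salt, so two accounts with the same password get the same hash. It assumes shell-style wildcard matching for entries such as /cgi-bin/* (TinySSL's actual matching rules are not documented here), and the user "guest" in the sample is constructed for the demonstration.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: the page's two realms plus a hypothetical user "guest"
# who reuses mickey's hash, so the duplicate check has something to find.
SAMPLE = """\
/cgi-bin/*|/view.html|/edit.html Operations mickey|7a4064683b98bf5e
/photos.html Photos ronnie|4f1fab620816ea8a coolman|f1578aa107bc4aef guest|7a4064683b98bf5e
"""
HASH_RE = re.compile(r"[0-9a-f]{16}")  # 64-bit hash written as 16 hex digits

def parse_realms(text):
    """Return a list of (url_patterns, realm_name, {user: hash}) tuples."""
    realms = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # blank line: nothing to protect
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need URLs, realm and a user")
        users = {}
        for entry in fields[2:]:
            name, sep, digest = entry.partition("|")
            if not (sep and name and HASH_RE.fullmatch(digest.lower())):
                raise ValueError(f"line {lineno}: bad user entry {entry!r}")
            users[name] = digest.lower()
        realms.append((fields[0].split("|"), fields[1], users))
    return realms

def realm_for(path, realms):
    """First realm whose URL list matches path, or None if unprotected."""
    for patterns, name, users in realms:
        if any(fnmatchcase(path, p) for p in patterns):  # assumed glob rules
            return name, sorted(users)
    return None

def shared_hashes(realms):
    """Hashes held by more than one account (password reuse is visible)."""
    seen = defaultdict(set)
    for _, realm, users in realms:
        for user, digest in users.items():
            seen[digest].add(f"{realm}/{user}")
    return {h: sorted(a) for h, a in seen.items() if len(a) > 1}

if __name__ == "__main__":
    cfg = parse_realms(SAMPLE)
    print(realm_for("/cgi-bin/status.cgi", cfg), realm_for("/index.html", cfg))
    print(shared_hashes(cfg))
```

Running the check against a real realms.cfg before deployment shows which URLs are left unprotected and which accounts would fall together if one hash were recovered.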