vqServer Security


Overview

  • vqServer keeps a single list of users and passwords. Each user therefore only has one password. User IDs and passwords are case sensitive. Users can be added and deleted and their IDs and passwords edited by selecting Users from the vqServer control centre menu.
  • vqServer also keeps a list of access control lists. An access control list is basically a list of users and other access control lists. Access control lists can be created, edited and destroyed by selecting Access control lists from the vqServer control centre menu.
  • Each file (or group of files) identified by an alias (see the Aliases page) is associated with an access control list. Only users listed in this access control list will have access to the file.

Notes

  • vqServer's security can be circumvented by anyone who has access to your computer. Keep your computer in a secure location and/or use a password-protected screen saver.
  • vqServer's security can be breached by someone looking over the administrator's shoulder and reading the screen.
  • vqServer's configuration file (website/vq/server/cfg/server.cfg) contains user IDs and passwords in plain text. Don't make this file available to visitors to your web site by accident!
  • Remember to change the administrator password the first time you start vqServer.
  • Avoid adding users to the Server administration access control list - anyone on this list gets complete access to vqServer's configuration.
  • Don't allow user self-registration for the Server administration access control list.
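
The last two notes interact with the nested lists described in the Overview: a list that is a member of Server administration passes its own members, and any self-registration setting, up to it. The following audit is an added example, not vqSoft's code; it assumes membership of a nested list confers membership of the containing list, and the data layout and all names except "Server administration" are constructed for illustration.

```python
# Constructed sample data; vqServer's real storage format is not shown on this page.
ADMIN_ACL = "Server administration"

ACLS = {
    "Server administration": {"members": ["admin", "Webmasters"], "self_registration": False},
    "Webmasters": {"members": ["carol", "Newsletter"], "self_registration": False},
    # Newsletter lists Webmasters back, forming a cycle the walk must survive.
    "Newsletter": {"members": ["dave", "Webmasters"], "self_registration": True},
    "Customers": {"members": ["erin"], "self_registration": True},
}


def expand(acl_name, acls, seen=None):
    """Return (users, lists visited) reachable from acl_name via nested lists."""
    seen = set() if seen is None else seen
    users = set()
    if acl_name in seen:          # already expanded: stop, so cycles terminate
        return users, seen
    seen.add(acl_name)
    for member in acls[acl_name]["members"]:
        if member in acls:        # assumption: a name matching a list is a list
            nested_users, _ = expand(member, acls, seen)
            users |= nested_users
        else:
            users.add(member)
    return users, seen


def audit_admin(acls, admin_acl=ADMIN_ACL, expected_admins=("admin",)):
    """Report who effectively holds administration rights and how."""
    users, reached = expand(admin_acl, acls)
    return {
        "effective_admins": sorted(users),
        "unexpected_admins": sorted(users - set(expected_admins)),
        # Any reached list with self-registration lets visitors join the admin list.
        "self_registration_paths": sorted(
            name for name in reached if acls[name]["self_registration"]
        ),
    }


if __name__ == "__main__":
    for key, value in audit_admin(ACLS).items():
        print(f"{key}: {value}")
```
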

Users page

This page is displayed by clicking on Users in the vqServer control centre menu. Users are alphabetically ordered by name.

The following information is shown for each user:

  • ID: This is the name by which a user identifies him or herself to vqServer in a browser's password dialog box or on a custom login page.
  • Name: The user's real name. This can actually be anything you like; it is not used by vqServer.

By clicking on one of the icons next to a user's name you can:

  • Edit the user's ID, name, password or other details.
  • ACLs: Add or remove the user from access control lists.
  • Delete the user from the user list.

You can also add a new user to the list by clicking on New user in the control centre menu.

User settings

This page is displayed by clicking on the icon in the edit column next to a user's name on the users page. It lets you view and edit information about a user.

  • ID: The name by which the user should identify him or herself to vqServer in a web browser's password dialog or on a custom login page. Case sensitive.
  • Name: The user's real name. This is not used by vqServer and can be anything you like.
  • Password: The user's password. Case sensitive.
  • email: The user's email address. This is not used by vqServer version 1.8.
  • Address: The user's postal address. This is not used by vqServer.
  • Notes: Any other information you want to record about the user.
  • First registered: Date and time the user was added to vqServer's user database.
  • Last access: Date and time the user last accessed your web site using their ID and password. Useful for detecting redundant user IDs.
  • Password changed: Date and time the user's password was last changed.
  • Show ACLs: If this box is checked, a list of access control lists will be displayed when you click the Ok button so that you can add and remove the user from access control lists.
  • Delete: If this box is checked, vqServer will delete the user from its internal list (after displaying a confirmation page).

User ACLs

This page is displayed when you click on the icon in the ACLs column next to a user's name on the users page. It can also be reached by checking the Show ACLs box on a user settings page and clicking the Ok button. It lets you see which access control lists the user belongs to, and add the user to or remove the user from access control lists.

  • To add the user to an access control list, check the box next to the name of the access control list.
  • To remove the user from an access control list, clear the box next to the name of the access control list.
  • Click on the Ok button to register your changes.

ACLs page

This page is displayed by clicking on Access control lists in the vqServer control centre menu. The list is alphabetically ordered by access control list name.

The following information is displayed for each access control list:

  • ID: You don't need to worry about this unless you are using user self-registration.
  • Name: The name of the access control list. This can be anything you like.

By clicking on one of the icons next to an access control list's name you can:

  • Edit the access control list's name or other parameters.
  • Members: Add or remove users from the access control list.
  • Delete the access control list.

You can also create a new access control list by clicking on New access control list in the control centre menu.

ACL settings

This page is displayed by clicking on the icon in the Edit column next to an access control list's name on the access control lists page. It lets you view and edit information about an access control list.

  • Name: The access control list's name. This can be anything you like but should be descriptive!
  • Use custom login page: If this box is checked, vqServer tries to use the custom login page specified to control access to aliases associated with the access control list.
  • Login page: The alias of the file containing a custom login page for this access control list. The alias should begin with /.
  • Allow self-registration: If this box is checked, vqServer allows visitors to your web site to add themselves to this access control list using self-registration.
  • Show members: If this box is checked, vqServer will display this access control list's members page when you click the Ok button, which allows you to add or remove users from this access control list.
  • Delete: If this box is checked, vqServer will remove this access control list from its internal list when you click the Ok button (after displaying a confirmation page).

ACL members page

This page is displayed by clicking on the icon in the Members column next to an access control list's name on the access control list page. It lets you add and remove users and access control lists from an access control list.

  • Members: A list of the members of the access control list.
  • Non-members: The users and access control lists which are not members of this access control list.
  • Add: Clicking this button adds the selected users and access control lists in the Non-members list to the access control list.
  • Remove: Clicking this button removes the selected users and access control lists in the Members list from the access control list.
  • Show member: Shows information about the first selected entry in the Members list. Use your browser's BACK button to return to the members page.
  • Show ACL settings: Shows the access control list's settings page.
  • Show non-member: Shows information about the first selected entry in the Non-members list. Use your browser's BACK button to return to the members page.


vqServer version 1.9. Copyright © 1997-2000 Steve Shering and vqSoft. Last updated 14 March 1999.
