Web site security

I am at university and our department has a UNIX powered LAN. There is installed on this an Apache web server that will pick up documents placed in my "public_html" directory... To allow the server to access these files I have to set them so they are publically accessable like "chmod 755 ...." for example. I have tried to secure a section of my website using the basic ".htaccess" file and password file combination. This works.

Unfortunatly because of the public accessability of these files anyone who can log on to the server (that anyone in my department, there is no anon FTP access) can simply swith to my 'public_html' dir and download files, without a password. Even if I set the directorys so there is no listing they can just use their FTP access in a web browser and follow the links to navigate without a password.

Dows anyone know of a way of overcoming this security hole so that I can decide which of my fellow students can access my web pages?

Thanks
Graeme

 

 

 

 

Top