Web Server Authentication and Permissions (Compact 2013)
3/26/2014
To provide security, each virtual directory that is mapped by the web server has associated authentication values and permission values that correspond, respectively, to the A and P values that are identified in the registry key for that virtual directory.
The authentication and permissions checks that are performed by the web server should not be confused with a secure connection. Therefore, all data, with the exception of NTLM passwords, that is sent between the client browser and the server is in plain text. Note that basic authentication is vulnerable to packet sniffing, so take care when sending sensitive information to and from the server across a public or non-secure network.
Security Note: |
---|
If the web server is used without appropriate values set for the User List and the Domain variables, as is the default setting, it becomes vulnerable to attacks. A malicious user must guess only the device's password, as set in Control Panel, to obtain access to a server. To prevent such an attack, the user name in the UserList registry value must be set for each of the servers that are currently running. The user will then need to log in with the specified user name and appropriate password to use the server. |
In This Section
- Web Server Access Rights
Provides information about the steps that are required to set web server access rights.
- Web Server Permissions
Provides information about how to set the web server permissions registry value for each virtual path.
- Web Server User Lists
Provides information about how to set the web server UserList registry value for the appropriate virtual root with the list of users and groups who have access.
- Web Server Authentication
Provides information about how to set the authentication level for a web server virtual directory.
- SSL Support
Provides information about how to use Secure Sockets Layer (SSL) to allow web servers and web clients to communicate more securely by using encryption.