Authenticating Secure Paths

Some sites secure documents by requiring authentication on the directory in which they are stored. This is typically accomplished using the administration functions of the Web server. In order to retrieve documents for indexing from such secured directories, the Verity Spider can use the -auth switch to reference an authorization file.

The authorization file contains one record per line. Each line consists of server, realm, user name, and password, separated by white space. For example:



# This is the spider Authorization file for HTTP's Basic Authentication

#server:port         realm                        username        password

www.w3.org:8080      W3C-Member                   Aladdin         "open sesame"

www.sjmercury.com    "access. Subscription info"  barelto         940897751
NOTE: The port number is optional. If omitted, it is assumed to be 80.

To allow users to view, with highlights, such indexed files, you must add a line in inetsrch.ini to reference the same authentication file used by the Verity Spider.

Under the [Common] section in inetsrch.ini, add the following line:



Authfile=<path>
where <path> is the location of the authentication file used by vspider to index the secured documents."

For example:



[Common]

.

.

.

Authfile=c:\search97\authfiles\medfile.txt

Compromised Security

 Be aware that storing the user name and password for a secured path allows users to see all documents within the path. Storing them does, however, provide automation and allows users to view highlights within the retrieved documents. You will need to balance the need for such automation and functionality against the possible compromise in security created by allowing access to all documents within a secured directory.



Copyright © 1998, Verity, Inc. All rights reserved.