Controlled Access to Web Documents: Authentication and Authorisation

Web authors generally want their documents to be read. That is why the standard access rule is: „Web documents are readable from anywhere and by anyone“. But there is also content that should only be accessible to a certain readership.

To do this, a reader must authenticate (proof of identity, currently often through a secret key request: Entering an identifier and the corresponding password). The web server checks the entries (authentication). After the identity has been proven, the web server sets the rights of this user according to your specifications(authorisation): Allow or deny access.

This procedure can be determined by a web author. To do this, they write instructions into a .htaccess file. These instructions usually apply to all files in this directory and all subdirectories (simple rule: store files worth protecting in a separate directory). See also: Protection of individual files.

The following access control options can be used:

1. Access with identification request and password
   • Recommended: Via the Web Trust Center of the TU Chemnitz
   • Identifier/ Password freely chosen
2. Allow access only from certain computers (not recommended)

A specially secured web server should be operated for sensitive data, e.g. using our Virtual Private Server Hosting Service. If possible, very sensitive data should also be suitably encrypted!

In addition to access control via the web, access protection in the file system must also be considered.