<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <meta name="GENERATOR" content="Microsoft FrontPage 4.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <title>TWIG Administrators Manual - 5. Security</title> <meta name="Microsoft Border" content="tb, default"> </head> <body><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td> <table border="0" width="100%"> <tr> <td width="50%" valign="bottom"> <h1>TWIG Administrators Manual</h1> </td> <td width="50%" valign="bottom"><img border="0" src="images/twig.gif" align="right" width="153" height="75"></td> </tr> <tr> <td width="50%" valign="bottom"> </td> <td width="50%" valign="bottom"></td> </tr> <tr> <td width="50%" valign="bottom"> Return to <a href="index.html">Table of Contents</a> </td> <td width="50%" valign="bottom"></td> </tr> </table> <hr> </td></tr><!--msnavigation--></table><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><!--msnavigation--><td valign="top"> <h2>5. Security</h2> <p>There are several issues with security, and this is only a brief overview of the issues. Before implementing a TWIG server (or any Internet based server) you should have a good working knowledge of Internet related security.<br> <br> To keep your configuration settings secure you need to make sure that your web server pay's attention to .htaccess files. To check to make sure your configuration is secured, try accessing your config.inc.php3 file using the following URL:<br> <br> http://<your server name>/<twig home directory>/config/config.inc.php3<br> <br> You should get an access denied message after a security dialog box pop's up. If you don't, please refer to your web server's documentation to <br> enable .htaccess files.<br> <br> Another concern is connectivity between TWIG and the mail/database server. The most secure system is to have everything on the same server, otherwise passwords may be transmitted across the net. This is nothing specific to TWIG, but instead is depended on the other servers.<br> <br> The most obvious security concern in the transmitting of username/passwords using basic or forms based authentication. One possible solution to this is to use an SSL capably browsers/server.</p> <!--msnavigation--></td></tr><!--msnavigation--></table><!--msnavigation--><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td> <hr> <table border="0" width="911"> <tr> <td width="418"> Return to <a href="index.html">Table of Contents</a> </td> <td width="477" align="right">Return to <a href="#TOP">Top</a></td> </tr> </table> </td></tr><!--msnavigation--></table></body> </html>