Selecting Access Control OptionsChapter 8 Controlling Access to Your Server 185❍ Basic uses the HTTP method to get authentication information from theclient. The username and password are only encrypted if encryption isturned on for the server.❍ SSL uses the client certificate to authenticate the user. To use this method,SSL must be turned on for the server. When encryption is on, you cancombine Basic and SSL methods.❍ Digest uses the an authentication mechanism that provides a way for abrowser to authenticate based on username and password withoutsending the username and password as cleartext. The browser uses theMD5 algorithm to create a digest value using the user’s password andsome information provided by Enterprise Server. This digest value is alsocomputed on the server side using the Digest Authentication plug-in andcompared against the digest value provided by the client.❍ Other uses a custom method you create using the access control API.• Authentication Database lets you select a database the server will use toauthenticate users. This option is only available through the Server Manager. Ifyou choose Default, the server looks for users and groups in an LDAPdirectory. If you wish configure individual ACLs to use different databases,select Other, and choose the database from the drop-down list. Non-defaultdatabases and LDAP directories need to have been specified in the fileserver_root/userdb/dbswitch.conf. If you use the access control API for acustom database, such as Oracle or Informix, select Other, and enter thedatabase name.Specifying the From HostYou can restrict access to the Administration Server or your web site based onwhich computer the request comes from.• Anyplace allows access to all users and systems• Only from allows you to restrict access to specific Host Names or IP AddressesIf you select the Only from option, enter a wildcard pattern or a comma-separatedlist in the Host Names or IP Addresses fields. Restricting by hostname is moreflexible than by IP address: if a user’s IP address changes, you won’t need toupdate this list. Restricting by IP address, however, is more reliable: if a DNSlookup fails for a connected client, hostname restriction cannot be used.