by GTI - Updated February 15th, 2005
V 4.00 and above
Warning: do not forget to read the Important security note at the end of this article.
The new security mechanism is on. Elements can now be protected without the usual and well-known critical security issues.
Moreover, it is now much easier to protect/unprotect any element (except Web Sites for the moment). This protection can now be applied in any section, not only in a section named "Reserved Access" for this usage.
Basically, it relies only on the keyword add/remove functionality.
You can traditionally use this function for transversal navigation using normal keywords.
But now you can protect elements as well, just by using special keywords.
Two cases:
1. The desired secured user already exists (some pages are already protected for him): quick and easy
2. He does not exist yet: a little bit longer!
1. Protecting/Unprotecting elements for an existing secured user
To protect a given element, named E1 for example:
In the Administration area, select E1 and display its status screen (where the Date of creation, Authors and Keywords zones are visible).
In the RESERVED_ACCESS keywords group, select the login you want to use for this element. For example, select RESERVED_CFHTLS.
Click on the Select button. The keyword is added.
That's all. This element is now protected and access to it is reserved only for the selected user (CFHTLS in this example).
Note:
You may not be prompted immediately for a login/password, especially if you are a team member logged in with your own login/password, since the browser keeps your login information. But be sure the protection is immediately active for other users. If you want to test the new protection quickly, simply disconnect yourself (in the Administration area) and clear your browser history and cache. You can also just use another browser for the test if you have one.
Add only one keyword of the RESERVED_ACCESS group to a given element. Otherwise, only the first one is used.
To unprotect an element, named E2 for example:
In the Administration area, select E2 and display its status screen.
In the keywords list, just click on the Remove this keyword link to the right of the protection keyword (RESERVED_CFHTLS for example) and that's it! E2 is now in public access again.
2. Protecting/Unprotecting elements for a new secured user
The procedure is a little bit longer, but should not occur often. The main task is to create the new user and duplicate the protected skeletons (remember that, by construction of SPIP, every PHP page has a corresponding HTML skeleton). Afterwards, the procedure is nothing more than what is described in 1.
In this example, the new user is NewB, the corresponding keyword is RESERVED_NEWB and its number is 28, and the Authentication message is "NewB Authentication". It is up to you to replace these values in the following procedure with the real values you will get.
Here is how to proceed step by step:
open a terminal session
connect via ssh www-data@terapix.iap.fr
create the new user, NewB for example: htpasswd /var/www/.htpasswd NewB
in parallel, in the Administration area, click on Site Edit/Keywords
in the keywords group RESERVED_ACCESS, create a new keyword named RESERVED_NEWB
after clicking on submit, you are redirected back to the keywords page; look for the new RESERVED_NEWB keyword in the RESERVED_ACCESS group and click on it
you are now on the Edit page of the RESERVED_NEWB keyword; note the keyword number (in the top left corner of the page), 28 for example
go back to your terminal session
cd /var/www
cp rubrique_restricted00.php rubrique_restricted28.php
cp article_restricted00.php article_restricted28.php
cp breve_restricted00.php breve_restricted28.php
emacs rubrique_restricted28.php
replace $fond = "section_restricted00"; by $fond = "section_restricted28";
emacs article_restricted28.php
replace $fond = "article_restricted00"; by $fond = "article_restricted28";
emacs breve_restricted28.php
replace $fond = "breve_restricted00"; by $fond = "breve_restricted28";
less mes_fonctions.php
get the skeletons directory (line $GLOBALS['dossier_squelettes'] = 'design/4.00';)
go into this directory: cd design/4.00
same work as for the corresponding PHP files, as described in the following lines
cp rubrique_restricted00.html rubrique_restricted28.html
cp article_restricted00.html article_restricted28.html
cp breve_restricted00.html breve_restricted28.html
emacs rubrique_restricted28.html
replace {id_mot=00} by {id_mot=28}
emacs article_restricted28.html
replace {id_mot=00} by {id_mot=28}
emacs breve_restricted28.html
replace {id_mot=00} by {id_mot=28}
the last step (yes!) is to update the .htaccess file: cd /var/www
emacs .htaccess
under the last <Files> section, create a new one, with the following content:
<Files ~ "(rubrique_restricted28\.php|article_restricted28\.php|breve_restricted28\.php)">
Order Deny,Allow
Deny from all
AuthType Basic
AuthUserFile /var/www/.htpasswd
AuthName "NewB Authentication"
Require user NewB bertin dantel domisse hjmcc magnard malapert mellier missonnier tissier
Satisfy any
</Files>
The new secured user and his corresponding secured skeletons are now created. You can now continue by protecting elements as in case 1, simply by assigning the new RESERVED_NEWB keyword to these elements.
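A check for the last step of the procedure above, as an added example that is not part of the original article: it lists every *_restrictedNN.php wrapper in the web root whose name is not matched by any <Files ~ "..."> pattern in .htaccess. The function names, the keyword number 29 and the user SampleUser are constructed for the illustration.

```shell
#!/bin/sh
# Added example: after editing .htaccess, list the restricted PHP wrappers that
# no <Files ~ "..."> regex matches. Such a page is served without a password.

# Print the regex of every <Files ~ "..."> line found in .htaccess file $1.
files_patterns() {
    sed -n 's/^[[:space:]]*<Files[[:space:]]*~[[:space:]]*"\(.*\)">[[:space:]]*$/\1/p' "$1"
}

# Print each *_restrictedNN.php in web root $1 that no pattern covers.
# Empty output means every wrapper is named in an authentication rule.
uncovered_restricted_pages() {
    webroot=$1
    pats=$(mktemp) || return 1
    files_patterns "$webroot/.htaccess" > "$pats"
    for path in "$webroot"/*_restricted[0-9]*.php; do
        [ -e "$path" ] || continue          # the glob matched nothing
        name=${path##*/}
        # Apache applies the regex unanchored to the file name; grep -E does the
        # same for the simple alternations used here (assumption: no PCRE-only syntax).
        printf '%s\n' "$name" | grep -Eq -f "$pats" || printf '%s\n' "$name"
    done
    rm -f "$pats"
}

# Constructed sample: keyword 28 as in the procedure, plus a hypothetical
# keyword 29 whose breve page was forgotten in the <Files> pattern.
demo=$(mktemp -d)
cat > "$demo/.htaccess" <<'EOF'
<Files ~ "(rubrique_restricted28\.php|article_restricted28\.php|breve_restricted28\.php)">
Require user NewB
</Files>
<Files ~ "(rubrique_restricted29\.php|article_restricted29\.php)">
Require user SampleUser
</Files>
EOF
for t in rubrique article breve; do
    : > "$demo/${t}_restricted28.php"
    : > "$demo/${t}_restricted29.php"
done
uncovered_restricted_pages "$demo"    # prints: breve_restricted29.php
rm -rf "$demo"
```

Run uncovered_restricted_pages /var/www after each .htaccess change. It only checks that a file name is matched by a <Files> pattern, not what the matching section requires.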
Important security note:
Secured users do not have any access to the Intranet or to the Administration area, but only to the elements secured for their particular login.
Conversely, Team members, who have access to the Intranet, also have access to any secured element. So there is no need to assign any RESERVED_ACCESS keyword to an Intranet element (in any case it will have no effect).
There is no inheritance of the security protection; in other words, when a section is protected, this does not imply that the articles and sub-sections in this section are protected too: the corresponding RESERVED_* keyword must be selected for each element to protect.