
I would like to develop a small hidden service that requires authentication, i.e. the first thing that must show up is the login page.

I'm pretty much a newbie in this whole web-services world, and some questions arise in my head:

  • What are the secure recommendations when implementing this feature?
  • What software do you recommend? (apache + php?)
  • Is it necessary to get an SSL certificate?
  • And more importantly, will this feature be seen as a challenge in the eyes of some enthusiast Tor users?

So far I've just seen this question, with "Who knows, it might even work." as the final sentence of the correct answer. So I'm a little intrigued.

Thanks in advance! Warren.

AronNeewart

1 Answer


I would suggest that you get acquainted with clearweb hosting practices before trying to turn them into a hidden service.

Some would recommend a LAMP configuration, at least initially. There are new schools of thought when it comes to deciding on a TLS certificate for your hidden service, but technically it is unnecessary, as the current Tor Hidden Service Protocol connection is already encrypted to provide the confidentiality and integrity checking.

The question about "What are the secure recommendations" is too open a question to answer, but it points back to the fact that you should look into how other web applications implement secure authentication. Consider implementing existing code that provides hardening guidelines.

Lizbeth