En:Security


Remote Administrative Access

If you administer your YaCy peer remotely, you have to assign an administrator username and password via the web interface (menu: Use case & account -> Accounts).

Considerations

By default YaCy uses HTTP BASIC authentication, which means that username and password are transmitted unencrypted between the remote system and your peer. You can set up YaCy to protect transmitted passwords by using the more secure DIGEST authentication method.

But even if Digest authentication is a better choice than Basic HTTP authentication, it "does not provide a strong authentication mechanism", as explained in the latest protocol standard documentation (RFC). Both the Basic and Digest authentication RFCs recommend enhancing these methods with HTTPS: see RFC 7617 and RFC 7616.


Configure YaCy to use DIGEST

  1. copy file web.xml in directory ./defaults to ./DATA/SETTINGS
  2. locate the text <auth-method>BASIC</auth-method> in the copied web.xml
  3. modify the line to <auth-method>DIGEST</auth-method> and save it
  4. restart YaCy and assign an admin user password

Hint: step 1 (copying web.xml) is recommended because a modification of defaults/web.xml might be overwritten by an update to a newer release.
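
Steps 1 to 3 above as a shell function, added here as an example and not part of the YaCy distribution. The function name yacy_enable_digest and the sample web.xml content in the demo are assumptions made for illustration; the function keeps an existing override in DATA/SETTINGS and fails if the expected auth-method line is not found.

```shell
#!/bin/sh
# Added example: apply steps 1-3 of the DIGEST procedure to a YaCy directory.
yacy_enable_digest() {
    root=$1
    src="$root/defaults/web.xml"
    dst_dir="$root/DATA/SETTINGS"
    dst="$dst_dir/web.xml"

    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    mkdir -p "$dst_dir" || return 1

    # Step 1: copy only if no override exists yet, so earlier local edits survive.
    [ -f "$dst" ] || cp "$src" "$dst" || return 1

    # Steps 2-3: switch the auth-method in the copy, never in defaults/web.xml.
    tmp="$dst.tmp.$$"
    sed 's|<auth-method>BASIC</auth-method>|<auth-method>DIGEST</auth-method>|g' \
        "$dst" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back with cat so the override keeps its owner and permissions.
    cat "$tmp" > "$dst" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Verify the result: DIGEST must be present and no BASIC entry may remain.
    if grep -q '<auth-method>BASIC</auth-method>' "$dst"; then
        echo "BASIC still configured in $dst" >&2
        return 1
    fi
    grep -q '<auth-method>DIGEST</auth-method>' "$dst" || {
        echo "no <auth-method> line found in $dst; edit it by hand" >&2
        return 1
    }
    echo "DIGEST set in $dst; now restart YaCy and assign an admin password (step 4)"
}

# Demo on a constructed directory tree (sample content, not a real YaCy web.xml).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/defaults"
printf '%s\n' '<web-app>' '  <login-config>' \
    '    <auth-method>BASIC</auth-method>' \
    '  </login-config>' '</web-app>' > "$demo_root/defaults/web.xml"
yacy_enable_digest "$demo_root"
grep 'auth-method' "$demo_root/DATA/SETTINGS/web.xml"
rm -rf "$demo_root"
```

On a real installation, call yacy_enable_digest with the YaCy installation directory while YaCy is stopped.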

Configure YaCy to use HTTPS

  1. See details in De:InterfaceÜberHTTPS