Log in and Log out
Midgard has a User and Group section that controls access to everything in the system, this is controled by the authentication system.
Admin site authentication
When you log into the Midgard admin site, it uses cookies to store a session ID. to un-encrypt this, the system uses a key at the server end. In principle this enables a relatively high degree of security.
HTTPS (or secure access)
It is recommed however that Midgard is run on apache-ssl, as this will ensure that all traffic (including the first login) are encrypted in transport - it is relatively easy to snoop traffic on the internet
It is also suggested that you run a virus program on any windows machines accessing midgard, as trojan horse viruses can be used to monitor what is happening on windows machines, and send username/password pairs back to any crackers.
Pages requiring authentication
There is an option that enforces authentication to pages, (this is not used by the Midgard admin site), as it has it's own authentication method, HTTP Basic.
This option can be used to enforce a login pop-up when accessing pages you create. - It however does not enable the ability to log-out, and if you use it, then you should close your browser when leaving your machine.
It is possible to reuse the code in this Midgard admin site to provide your own access controls in a similar way. An example of this is the ViewerGroups system provided by Aegir and MidCOM