The webserver is protected by a user/password pair. The username is sent a digest over the net but the password is a hash over "username:authdomain|raltext-password".(authdomain is described here)
I addition to the username/password which also groups users in security levels it is possible to have table where the hosts allowed to connect to the system is stored.
In addition to this SSL can be enabled on the interface.
This document is licensed under Creative Commons BY 4.0 and can be freely copied, redistributed, remixed, transformed, built upon as long as you give credits to the author.