diff --git a/HELP.md b/HELP.md
index 6a681997..21000722 100644
--- a/HELP.md
+++ b/HELP.md
@@ -160,6 +160,9 @@ All main configuration could be done via [config.json](json/config.json "Config"
 
 ```js
 {
+    "auth"              : false,    /* enable http authorization                */
+    "username"          : "root",   /* username for authorization               */
+    "password"          : "toor",   /* password hash in sha-1 for authorization */
     "apiURL"            :"/api/v1",
     "appCache"          : false,    /* cache files for offline use              */
     "analytics"         : true,     /* google analytics suport                  */
diff --git a/html/config.html b/html/config.html
index 14c9f056..e1f13572 100644
--- a/html/config.html
+++ b/html/config.html
@@ -1,5 +1,8 @@
 <div class="border">
     <ul class="list" >
+        <li><span><input type="checkbox" id="auth" {{ auth }} ></input></span><label for="auth"> Auth</label></li>
+        <li><span><input type="text" class="form-control" placeholder="username" id="username" value="{{ username }}"></input></span></li>
+        <li><span><input type="password" class="form-control" placeholder="password" id="password" value="{{ password }}" ></input></span></li>
         <li><span><input type="checkbox" id="appCache" {{ appCache }} ></input></span><label for="appCache"> App cache</label></li>
         <li><span><input type="checkbox" id="analytics" {{ analytics }} ></input></span><label for="analytics"> Analytics</label></li>
         <li><span><input type="checkbox" id="diff" {{ diff }} ></input></span><label for="diff"> Diff</label></li>
diff --git a/json/config.json b/json/config.json
index 2527a0b8..4380c458 100644
--- a/json/config.json
+++ b/json/config.json
@@ -1,4 +1,7 @@
 {
+    "auth": true,
+    "username": "root",
+    "password": "435b41068e8665513a20070c033b08b9c66e4332",
     "apiURL": "/api/v1",
     "appСache": false,
     "analytics": true,
diff --git a/lib/server.js b/lib/server.js
index 7b8991a5..0c884b79 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -29,7 +29,7 @@
         https               = main.https,
         Util                = main.util,
         express             = main.express,
-        expressApp          = express.getApp(controller),
+        expressApp,
         files               = main.files,
         
         Server, Rest, Route;
@@ -87,7 +87,9 @@
             },
             
             lHTTPServer = function() {
-                Server =  http.createServer(expressApp || controller);
+                expressApp  = express.getApp(controller);
+                Server      = http.createServer(expressApp || controller);
+                
                 Server.on('error', Util.log);
                 Server.listen(lPort, lIP);
                 lServerLog(lHTTP, lPort);
diff --git a/lib/server/express.js b/lib/server/express.js
index c52cb822..98754d22 100644
--- a/lib/server/express.js
+++ b/lib/server/express.js
@@ -11,13 +11,46 @@
              
     var main                = global.cloudcmd.main,
         express             = main.require('express'),
+        httpAuth            = main.require('http-auth'),
+        crypto              = main.crypto,
+        basic,
         app                 = express && express();
     
     exports.getApp          = function(controller) {
-        if (app)
-            app.use(express.logger('dev'))
-               .all('*', controller);
+        var config = main.config,
+            auth    = config.auth;
+        
+        if (app) {
+            app.use(express.logger('dev'));
+            
+            if (auth && httpAuth) {
+                initAuth();
+                app.use(httpAuth.connect(basic));
+            }
+            
+            app.all('*', controller);
+        }
         
         return app;
     };
+    
+    
+    function initAuth() {
+        basic   = httpAuth.basic({
+            realm: "Cloud Commander"
+        }, function (username, password, callback) { // Custom authentication method.
+            var hash,
+                config  = main.config,
+                name    = config.username,
+                passwd  = config.password,
+                equal   = username === name,
+                sha     = crypto.createHash('sha1');
+            
+            sha.update(password);
+            hash        = sha.digest('hex');
+            equal       = passwd === hash && equal;
+            
+            callback(equal);
+        });
+    }
 })();
diff --git a/lib/server/rest.js b/lib/server/rest.js
index d7ca230c..a4f2c171 100644
--- a/lib/server/rest.js
+++ b/lib/server/rest.js
@@ -17,6 +17,7 @@
         fs          = main.fs,
         path        = main.path,
         Hash        = main.hash,
+        crypto      = main.crypto,
         Util        = main.util,
         pipe        = main.pipe,
         CloudFunc   = main.cloudfunc,
@@ -411,7 +412,16 @@
                 break;
             
             case 'config':
-                config = main.config;
+                var hash,
+                    passwd  = lFiles.password,
+                    sha     = crypto.createHash('sha1');
+                    config  = main.config;
+                
+                if (passwd) {
+                    sha.update(passwd);
+                    passwd          = sha.digest('hex');
+                    lFiles.password = passwd;
+                }
                 
                 for (name in lFiles)
                     config[name] = lFiles[name];
diff --git a/package.json b/package.json
index 55a97d52..0626aa4e 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,8 @@
         "dropbox": "0.10.2",
         "minify": "0.2.3",
         "socket.io": "0.9.16",
-        "express": "3.4.x"
+        "express": "3.4.x",
+        "http-auth": "2.0.9"
     },
     "license": "MIT",
     "engines": {