|
|
Anyone know how to password protect a website?
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
I am using dreamweavermx and haven't found anything helpful in the help.
Thanks.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Thanks for the post. I will look into it.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Any other suggestions? I am not savy enough to pull off the Apache stuff.
Help?
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Status:
Offline
|
|
Originally posted by AU_student_iceBook:
Any other suggestions? I am not savy enough to pull off the Apache stuff.
Help?
What are you stuck on?
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 2001
Location: London
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Originally posted by Synotic:
What are you stuck on?
This is not a website that I host from my computer, it is from an FTP server.
Is there a way to protect a .html file there?
|
|
|
|
|
|
|
|
|
Registered User
Join Date: Nov 2002
Location: Far from the internet.
Status:
Offline
|
|
Originally posted by AU_student_iceBook:
This is not a website that I host from my computer, it is from an FTP server.
Is there a way to protect a .html file there?
Not from FTP. You would need control over the server. Or a hosting company that would allow you to do this or will implement it for you.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Originally posted by benb:
Not from FTP. You would need control over the server. Or a hosting company that would allow you to do this or will implement it for you.
bummer. that's what I was afraid of.
Thanks for the help.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Status:
Offline
|
|
Originally posted by AU_student_iceBook:
bummer. that's what I was afraid of.
Thanks for the help.
If you have a cgi-bin, you can probably get it to work.
The basic things you need are:
1) a folder with a .htaccess file
2) a file with usernames/passwords in it, with the passwords encoded using "crypt"
Number (1) is straightforward through ftp. Create a file like this:
Code:
AuthType Basic
AuthName "My Zone"
AuthUserFile /Library/WebServer/users/passwd
Require user somebody
Number (2) is tricky, but only because you need the "crypted" password. There are a lot of ways to get it -- using htpasswd is the preferred way, but you need shell access for that.
If you have a cgi-bin, you could make a CGI like this, which should work:
Code:
#!/usr/bin/perl
$login = "someuser";
$password = "somepass";
@passch = ('a'..'z');
for ($l = 0; $l < 2; $l+=1)
{
$randnum = int(rand($#passch + 1));
$salt .= @passch[$randnum];
}
print "Content-type: text/html\n\n";
print join(":",$login,crypt($password, $salt));
Change "someuser" and "somepass" to the right values. Put that in your CGI-BIN. Set it +executable by all. Run it from your web browser. Take the output, and put it in the file referenced by your .htaccess file's AuthUserFile entry.
That should do it.
|
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2001
Location: uk
Status:
Offline
|
|
dumb question, but would putting a page called secret1.html in a directory that already had an index.html page , and had no other links to it, be accessible in any way other than going directly to it's address name ?
could it turn up in google or someplace?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Aug 2002
Location: Oxford, England
Status:
Offline
|
|
|
Luke
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Status:
Offline
|
|
Neither JavaScript nor hidden files are valid ways to ensure any kind of security. Anyone can get by JavaScript security if they can read JavaScript code. If you want security, it MUST be on the server side.
Basic Auth (as I described implementing above) is secure and simple. If you can't go that route, then use a CGI that throws a 401 status back if the user and password are not supplied. Use the features of the browser!
|
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Originally posted by Arkham_c:
Neither JavaScript nor hidden files are valid ways to ensure any kind of security. Anyone can get by JavaScript security if they can read JavaScript code. If you want security, it MUST be on the server side.
Basic Auth (as I described implementing above) is secure and simple. If you can't go that route, then use a CGI that throws a 401 status back if the user and password are not supplied. Use the features of the browser!
forgive my ignorance, but what is CGI-bin?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2001
Location: Indiana
Status:
Offline
|
|
Thanks. This worked for what I needed.
More peace of mind for the client than anything else.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|