passwords in the source?

I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.

I'd like to password protect these files so that if someone happened to

a link to it, they couldn't start passing it all around for anyone to

and I certainly wouldn't want the link to find its way into a Google

>
I've thought about creating a password string that I could hold in the <%
[code] %portion of my .asp pages. Then, if someone tries to open a

file, they are first prompted for a password. If it matches what is in the
<% [code] %section, they get in.

I just feel like my password is left out in the clear if I include it as
part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an

application somewhere, I'd be happy to see that link.

Is this your server or is the site hosted by a third party?

I've got some files that are not very sensitive. Mostly history files
from email sessions using our contact forms.

I'd like to password protect these files so that if someone happened
to get a link to it, they couldn't start passing it all around for
anyone to read, and I certainly wouldn't want the link to find its way
into a Google search!

I've thought about creating a password string that I could hold in the
<% [code] %portion of my .asp pages. Then, if someone tries to open
a history file, they are first prompted for a password. If it matches
what is in the <% [code] %section, they get in.

I just feel like my password is left out in the clear if I include it
as part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an
example application somewhere, I'd be happy to see that link.

<META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>

I modified your code just a little, but that worked great!

Special thanks for the meta tag! I never would have thought to look
there.

>
"Evertjan." wrote:

><META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>

You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:

<a href="http://www.example.com" rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>

Google and Slurp follow the above directive as well as robots.txt and
meta.