469,934 Members | 2,776 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,934 developers. It's quick & easy.

passwords in the source?

I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.

I'd like to password protect these files so that if someone happened to get
a link to it, they couldn't start passing it all around for anyone to read,
and I certainly wouldn't want the link to find its way into a Google search!

I've thought about creating a password string that I could hold in the <%
[code] %portion of my .asp pages. Then, if someone tries to open a history
file, they are first prompted for a password. If it matches what is in the
<% [code] %section, they get in.

I just feel like my password is left out in the clear if I include it as
part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an example
application somewhere, I'd be happy to see that link.
Oct 16 '07 #1
6 1493

"jp2code" <poojo.com/mailwrote in message
news:up**************@TK2MSFTNGP02.phx.gbl...
I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.

I'd like to password protect these files so that if someone happened to
get
a link to it, they couldn't start passing it all around for anyone to
read,
and I certainly wouldn't want the link to find its way into a Google
search!
>
I've thought about creating a password string that I could hold in the <%
[code] %portion of my .asp pages. Then, if someone tries to open a
history
file, they are first prompted for a password. If it matches what is in the
<% [code] %section, they get in.

I just feel like my password is left out in the clear if I include it as
part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an
example
application somewhere, I'd be happy to see that link.

Is this your server or is the site hosted by a third party?

On your own server it would be a simple matter of just turning off anonymous
access and turning on Windows Integrated security.
--
Anthony Jones - MVP ASP/ASP.NET
Oct 16 '07 #2
No, it is a hosted site. The server is not mine.

"Anthony Jones" wrote:
Is this your server or is the site hosted by a third party?

Oct 16 '07 #3
jp2code wrote on 16 okt 2007 in microsoft.public.inetserver.asp.general:
I've got some files that are not very sensitive. Mostly history files
from email sessions using our contact forms.

I'd like to password protect these files so that if someone happened
to get a link to it, they couldn't start passing it all around for
anyone to read, and I certainly wouldn't want the link to find its way
into a Google search!

I've thought about creating a password string that I could hold in the
<% [code] %portion of my .asp pages. Then, if someone tries to open
a history file, they are first prompted for a password. If it matches
what is in the <% [code] %section, they get in.

I just feel like my password is left out in the clear if I include it
as part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an
example application somewhere, I'd be happy to see that link.

<META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Oct 17 '07 #4
I modified your code just a little, but that worked great!

Special thanks for the meta tag! I never would have thought to look there.

Thanks a lot!

"Evertjan." wrote:
<META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>

Oct 17 '07 #5
Gazing into my crystal ball I observed "jp2code" <poojo.com/mail>
writing in news:Od**************@TK2MSFTNGP02.phx.gbl:
I modified your code just a little, but that worked great!

Special thanks for the meta tag! I never would have thought to look
there.
You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:

<a href="http://www.example.com" rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>

Google and Slurp follow the above directive as well as robots.txt and
meta.
>
"Evertjan." wrote:
><META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>



--
Adrienne Boswell at Home
Arbpen Web Site Design Services
http://www.cavalcade-of-coding.info
Please respond to the group so others can share

Oct 18 '07 #6
Thanks! I have implemented that as well.

"Adrienne Boswell" wrote:
You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:

<a href="http://www.example.com" rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>

Google and Slurp follow the above directive as well as robots.txt and
meta.

Oct 18 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by Florian Lindner | last post: by
15 posts views Thread by Dino Vliet | last post: by
3 posts views Thread by Jeremy Deuel | last post: by
5 posts views Thread by Macca | last post: by
19 posts views Thread by Cord-Heinrich Pahlmann | last post: by
2 posts views Thread by Simon.Whiteside | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.