I am not a webmaster or very web savvy. I have a hosted site on
Verio.com that has only a very limited password protection feature. I
need to password protect subscriber pages (or a directory) and need a
user friendly tool to automatically accept subscriber designated
userID's and passwds. I've heard that Java scripts are not usable by
all browsers. Apparently I am allowed to install a script on the
Verio.com server for our account which resides on Unix. I'd like a
simple windows interface that will also cut us an email when someone
subscribes. We're working w/2co.com as the payment gateway. I'm over
my head here and need some good advice. Thanks.
Sandy wrote in
<df*************************@posting.google.com>:
> I am not a webmaster or very web savvy. I have a hosted site on Verio.com that has only a very limited password protection feature. I need to password protect subscriber pages (or a directory) and need a user friendly tool to automatically accept subscriber designated userID's and passwds. I've heard that Java scripts are not usable by all browsers. Apparently I am allowed to install a script on the Verio.com server for our account which resides on Unix. I'd like a simple windows interface that will also cut us an email when someone subscribes. We're working w/2co.com as the payment gateway. I'm over my head here and need some good advice. Thanks.
There's .htaccess - it's very simple.
Four lines in the .htaccess file:
AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
and a file - .htpasswd - containing passwords and IDs:
username1:password1
username2:password2
....
That protects everything below the directory in which the .htaccess file is
located.
Info: http://www.freewebmasterhelp.com/tutorials/htaccess/3
Password generator: http://www.euronet.nl/~arnow/htpasswd/
--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.
PeterMcC said the following on 02/08/2004 19:32:
> and a file - .htpasswd - containing passwords and IDs:
> username1:password1
> username2:password2
> ...
> That protects everything below the directory in which the .htaccess file is located.
> Info: http://www.freewebmasterhelp.com/tutorials/htaccess/3
It is suggested in the tutorial, just want to stress this:
Don't put the .htpasswd file in the DocumentRoot. If you do, the file
can be viewed and/or downloaded and although the passwords are
encrypted, there are many tools which crack their way through password
files.
By the way, when using Basic Authentication, the passwords are sent over
the line in plain ASCII and can be sniffed, so this is not very secure.
You should probably read something like this if you want to use
.htaccess/.htpasswd: http://httpd.apache.org/docs/howto/auth.html
Regards,
Harrie
Harrie wrote:
> Don't put the .htpasswd file in the DocumentRoot. If you do, the file can be viewed and/or downloaded and although the passwords are encrypted, there are many tools which crack their way through password files.
Not if you set your server up correctly, unless I'm missing something:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Mark Tranchant said the following on 03/08/2004 09:03:
> Harrie wrote:
>> Don't put the .htpasswd file in the DocumentRoot. If you do, the file can be viewed and/or downloaded and although the passwords are encrypted, there are many tools which crack their way through password files.
> Not if you set your server up correctly, unless I'm missing something:
> <Files ~ "^\.ht">
> Order allow,deny
> Deny from all
> </Files>
I have to admit you're right, but this wasn't mentioned in the URL you
gave and I didn't think about it myself. Still, I would recommend
against it (but that's just an opinion); one central place for
configuration outside the DocumentRoot is less prone to errors. However,
since this is a hosted site, this isn't probably an option for the op.
Regards,
Harrie
Harrie wrote in
<41***********************@news.xs4all.nl>:
> Mark Tranchant said the following on 03/08/2004 09:03:
>> Harrie wrote:
>>> Don't put the .htpasswd file in the DocumentRoot. If you do, the file can be viewed and/or downloaded and although the passwords are encrypted, there are many tools which crack their way through password files.
>> Not if you set your server up correctly, unless I'm missing something:
>> <Files ~ "^\.ht">
>> Order allow,deny
>> Deny from all
>> </Files>
> I have to admit you're right, but this wasn't mentioned in the URL you gave
I only mention this to avoid having Mr Tranchant's spotless reputation being
sullied by any possible confusion between his good self and me.
I posted the URL, you have to admit Mark's right :)
--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.
Mark Tranchant wrote:
> Harrie wrote:
>> Don't put the .htpasswd file in the DocumentRoot. If you do, the file can be viewed and/or downloaded and although the passwords are encrypted, there are many tools which crack their way through password files.
> Not if you set your server up correctly, unless I'm missing something:
> <Files ~ "^\.ht">
> Order allow,deny
> Deny from all
> </Files>
That's true. But when I set up something like this, I prefer to take
extra precautions. I'd protect .htaccess as you've done[1], but I'd also
move .htpasswd outside the document root.
[1] Except that I use <FilesMatch> instead of <Files>.
--
Brian (remove ".invalid" to email me) http://www.tsmchughs.com/
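The precautions raised in this thread (keep .htpasswd outside the DocumentRoot, deny requests for .ht* files) and Harrie's point about Basic authentication can be checked mechanically. The following is an added example, not code from any poster in the thread; the paths under /home/example and all function names are assumptions made for illustration.

```python
import base64
import posixpath
import re

# Constructed samples: thread's .htaccess (made-up path), Mark's rule, a Basic header.
HTACCESS = '''AuthName "Section Name"
AuthType Basic
AuthUserFile /home/example/public_html/members/.htpasswd
Require valid-user
'''
SERVER_CONF = r'''<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
'''
SAMPLE_HEADER = "Basic " + base64.b64encode(b"username1:password1").decode()

def auth_user_file(htaccess_text):
    """Return the AuthUserFile path named in the .htaccess text, or None."""
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', htaccess_text, re.M | re.I)
    return m.group(1) if m else None

def inside_docroot(path, docroot):
    """Lexical check (symlinks not resolved): does path fall under docroot?"""
    path, root = posixpath.normpath(path), posixpath.normpath(docroot)
    return path == root or path.startswith(root.rstrip("/") + "/")

def blocks_ht_files(conf_text):
    """True if a <Files>/<FilesMatch> section matching .ht* names denies access."""
    pat = r'<Files(?:Match)?\s+(?:~\s*)?"\^\\\.ht[^"]*">(.*?)</Files(?:Match)?>'
    deny = r'Deny\s+from\s+all|Require\s+all\s+denied'
    return any(re.search(deny, s, re.I) for s in re.findall(pat, conf_text, re.S | re.I))

def decode_basic(header_value):
    """Recover (user, password) from a Basic header: base64 is not encryption."""
    token = header_value.split()[1]
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def audit(htaccess_text, docroot, conf_text):
    """Return a list of findings for the precautions discussed in the thread."""
    findings = []
    pw_file = auth_user_file(htaccess_text)
    if pw_file and inside_docroot(pw_file, docroot):
        findings.append("AuthUserFile is inside the DocumentRoot")
    if not blocks_ht_files(conf_text):
        findings.append("no rule denies requests for .ht* files")
    if re.search(r'^\s*AuthType\s+Basic\b', htaccess_text, re.M | re.I):
        findings.append("Basic auth sends base64 credentials; use HTTPS")
    return findings
```

Calling `audit(HTACCESS, "/home/example/public_html", SERVER_CONF)` on the constructed samples reports the password file location and the Basic-auth finding, while `decode_basic(SAMPLE_HEADER)` shows that anyone who captures the header recovers the password directly.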
PeterMcC said the following on 03/08/2004 14:06:
> Harrie wrote in <41***********************@news.xs4all.nl>
>> Mark Tranchant said the following on 03/08/2004 09:03:
>>> Harrie wrote:
>>>> Don't put the .htpasswd file in the DocumentRoot. If you do, the file can be viewed and/or downloaded and although the passwords are encrypted, there are many tools which crack their way through password files.
>>> Not if you set your server up correctly, unless I'm missing something:
>>> <Files ~ "^\.ht">
>>> Order allow,deny
>>> Deny from all
>>> </Files>
>> I have to admit you're right, but this wasn't mentioned in the URL you gave
> I only mention this to avoid having Mr Tranchant's spotless reputation being sullied by any possible confusion between his good self and me.
> I posted the URL, you have to admit Mark's right :)
Whoops, you're right .. and so is Mark ;)
Regards,
Harrie