password protection

Hi,

I have a webpage.  I need to password protect some of the files in a very secure way.  Who can help?  I need detailed instructions and source codes.  By the way, points can be increased.  Thanks.

robin
LVL 1
tao_shaobinAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
ItsMeConnect With a Mentor Commented:
always before printing (@ each site !):

replace
<site-2> with <a href="/password.exe?username=test&password=test&site=2>link to page 2</a>

<site-3> with <a href="/password.exe?username=test&password=test&site=3>link to page 3</a>

the value of the page parameter is the identity for the page to print. you could say

if ($page eq "1") {$sitename="site1.secret"};

open (file, "< $sitename");

....
0
 
KennyIT Application ExecutiveCommented:
You can put these files in a directory which only has read permission to a certain few people. Of course, this would mean that the server administrator will have to add in these usernames/passwords to the server, and change the access rights on the directory concerned. When a user tries to access these files, a prompt will come up asking them to type in their username and password to log on.
0
 
tao_shaobinAuthor Commented:
Hi, zxr250:

The problem is that I have no control over ther file/directory properties.  I want to use CGI to realize password protection.  Up to now, I know how to protect the text file loaded immediately after the user login.  Suppose that is page one and I have provide a hyperlink for page two in it.  Then the URL of page two will display in teh address bar.  I don't know how to protect pages such as page two.

anyway, thanks,

robin
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
ItsMeCommented:
you could call page 2 from page 1 by a cgi using the get method. (e.g. link to /cgi-bin/protect.cgi?un=<USERNAME>&pw=<PASSWORD>&page=2) then the cgi had to interpret the 2 and check if the user is valid. of course the cgi which prints out page 1 has to set the link with the user properties. I would suggest to edit page1 and write a special tag istead of the link e.g. <link-to-site2> then the outprinting cgi has to find this tag and replace it by <a href="/cgi-bin/protect.cgi?un=User&pw=Passwort&page=2">to page 2</a>

Hope you understood what I mean :-)
0
 
tao_shaobinAuthor Commented:
Okay, ItsMe, I guess you know this problem.  Suppose page1.html is protected by /cgi-bin/password.exe.  And page1.html has a hyperlink such as,

<A HREF="xxx.com/page2.html">This is page two</A>

Then what is the correct syntax to protect page 2.    I mean what should above link look like and what I should use in page2.html.

Thanks,

robin
0
 
ItsMeCommented:
ok, firstly you should change the link in page1.html:

from

<a href="....>
   to just
  <link-2>

then you change the cgi which prints page1: add to your cgi a function which replaces <link-2> by <a href="...">to 2</a>. "..." must be the url to your
print cgi "/cgi-bin/password.exe?user=Test&password=Test&page=2" your cgi has to assemble the url by using the login datas of the user. for the other sites use <link-3> <link-4> and so on.

summary:

- user fills out form and sends it to password.exe (you should send it with "get")

- password.exe validates
- password.exe prints out page1
  and replaces ALL <link-?> tags by
  "/password.exe?username="Test"
  &page=?...."

hint:

<form name="login" action="/cgi-bin/password.exe" method="get">
<input type="text" name="username">
<input type="password" name="password"
<input type="hidden" name="page" value="1">
<input type="submit" value="login">
</form>

the datas will be send as http://www.yourserver.com/cgi-bin/password.exe?username=Test&password="Test"&page=1

exactly this is the url you have to set for the <site-?> tags.

regards
ItsMe
0
 
KennyIT Application ExecutiveCommented:
A couple of problems you will have with the above method :

1.) If you use the GET method in the form, the parameters will appear in the address bar of the user's browser. This will not be good as anyone standing near the user can see it. A lot of people use the same passwords for several things and I am sure they will not be pleased if someone found out their email password because of your site. I suggest you use the post method to send the form data.

2.) If you put your HTML files in the HTML folder, users can still access it by typing the full URL to page 2,3,4, etc. You have to put these in a protected directory. Perhaps you can put them in the cgi-bin directory, and get your cgi program to read them and write them to the screen. This is not very difficult to do. Please make sure that your cgi-bin directory is not accessible to everyone. (Try typing a direct URL to your page2,3 files and see if it displays.) To make your server more orderly, you should create a subdirectory within your cgi-bin (better to put it one step higher, but since you cannot), and put all your protected HTML files there.
0
 
jjmartinCommented:
What is your web host using as thier internet server?  They should have something in place you can use for this.  Check out the following article about security for Apache server:

http://www.apacheweek.com/features/userauth
0
 
plrCommented:
I think that the right and full solution is:

1. use browser cookies to store user name & passwd with expiration.

2. all links to your pages will be /cgi-bin/access.cgi?page=about.html

3. all names of files in your server folder will be begin with char "."
It needs for the peoples cannot access this files from browser.

4. Your access.cgi every page access will be verify user name & passwd in the
cookies and if it absent or wrong the script return to user browser page with
authentication form and in this form you place hidden field page with requested page. And if the user enter right info your data places to cookies and the script reads your page from disk and simply prints to output.

that all folks!
0
 
ItsMeCommented:
Thanks ;-)
0
All Courses

From novice to tech pro — start learning today.