I have a password protection on one of my sites through a freeserver.<br />
<br />
I dont like it because it only stops you if you dont know the username password..but if you know what the page is called..(IE: index.html) then you just type that up at the end of the main site address and the password protected page comes up like nothing.<br />
<br />
What can I do to stop that from happening?<br />
I want the only way to access it is having the correct password and username.<br />
<br />
Thanks,<br />
James<!--content-->Password protection is done through HTTP authentication. The configuration details vary from server to server<br />
<br />
JavaScript password scripts provide only a facade of security. At a fundamental level, they work in one of two ways. Some scripts convert the password into a URL, which keeps the document secret by limiting the number of people who know its URL. Some scripts check the password and then go to a specific URL, which protects the document only from those who don't view the JavaScript source to get the URL of the document. Neither mechanism is really secure.<!--content-->how would i make it secure?<!--content-->using .htaccess and cgi would make it very secure. Does your server allow you to use .htaccess??<!--content-->I havent tried this script out, but you give it a shot and if it seems good, post your URL for our testing
<br />
<br />
<!-- m --><a class="postlink" href="http://projannet.port5.com/basic_crypt.html">http://projannet.port5.com/basic_crypt.html</a><!-- m --><!--content-->well its still a javascript and as you said earlier, 'JavaScript password scripts provide only a facade of security'. But I have Download <!--more-->ed it and I will put it up on my site to test it<!--content-->I get what it does now. It is pretty good though but has a few flaws.<br />
<br />
Pros - People can't just type in the url of the page you're protecting. <br />
- The only way to get into the page is to type the correct password.<br />
<br />
Cons - Someone could just easily create a de-coder. <br />
- You need javascript to view the site<br />
- No password retrival<br />
- You can only have one password for the page so anyone that finds out what the password is could just post it up on a messageboard or whatever<br />
<br />
well heres the url for people that want to see how it works. The password is 'pastword'<br />
<br />
<!-- m --><a class="postlink" href="http://www.jollyfactory.f2s.com/password/index.html">http://www.jollyfactory.f2s.com/password/index.html</a><!-- m --><!--content-->I dont know...how could I tell?<!--content-->well try contacting your host. Is your website hosted for free? Try posting the address to your host and I'll check it out<!--content-->www.mybravenet.com<!--content-->no sorry, but that host doesn't allow .htaccess I found this in the help section of bravenet<br />
'totally secure password protection via remote server is not possible' which basically means totally secure protection is not totally possible.<br />
<br />
I know that its not really helping much, but there are many free hosts that allow .htaccess and cgi<!--content-->what free sites offer that?<!--content-->http://www.f2s.com ---> <!-- w --><a class="postlink" href="http://www.yoursite.f2s.com">www.yoursite.f2s.com</a><!-- w --><br />
>> 20 megs<br />
>> cgi access<br />
>> mysql access<br />
>> php access<br />
>> .htaccess<br />
>> ftp<br />
<br />
<!-- m --><a class="postlink" href="http://www.hypermart.net">http://www.hypermart.net</a><!-- m --> --> <!-- w --><a class="postlink" href="http://www.yoursite.hypermart.net">www.yoursite.hypermart.net</a><!-- w --><br />
>> .htaccess<br />
>> cgi access<br />
>> php scripting<br />
<br />
<!-- m --><a class="postlink" href="http://www.netcabins.com">http://www.netcabins.com</a><!-- m --> --> subdomain<br />
>> 12-60 megs<br />
>> php 4<br />
>> ftp upload<br />
>> .htaccess <br />
<br />
And here is a tutorial on htaccess<br />
<!-- m --><a class="postlink" href="http://faq.clever.net/htaccess.htm">http://faq.clever.net/htaccess.htm</a><!-- m --><br />
<br />
and here is a place where you can make passwords and username code to place into htaccess file<br />
<!-- m --><a class="postlink" href="http://www.e2.u-net.com/htaccess/make.htm">http://www.e2.u-net.com/htaccess/make.htm</a><!-- m --><!--content-->thanks alot<!--content-->not a problem if you have any problems with it, just Private Message (<!-- m --><a class="postlink" href="http://www.htmlforums.com/private.php?action=newmessage&userid=599">http://www.htmlforums.com/private.php?a ... userid=599</a><!-- m -->) me<!--content-->
<br />
I dont like it because it only stops you if you dont know the username password..but if you know what the page is called..(IE: index.html) then you just type that up at the end of the main site address and the password protected page comes up like nothing.<br />
<br />
What can I do to stop that from happening?<br />
I want the only way to access it is having the correct password and username.<br />
<br />
Thanks,<br />
James<!--content-->Password protection is done through HTTP authentication. The configuration details vary from server to server<br />
<br />
JavaScript password scripts provide only a facade of security. At a fundamental level, they work in one of two ways. Some scripts convert the password into a URL, which keeps the document secret by limiting the number of people who know its URL. Some scripts check the password and then go to a specific URL, which protects the document only from those who don't view the JavaScript source to get the URL of the document. Neither mechanism is really secure.<!--content-->how would i make it secure?<!--content-->using .htaccess and cgi would make it very secure. Does your server allow you to use .htaccess??<!--content-->I havent tried this script out, but you give it a shot and if it seems good, post your URL for our testing
<br /><br />
<!-- m --><a class="postlink" href="http://projannet.port5.com/basic_crypt.html">http://projannet.port5.com/basic_crypt.html</a><!-- m --><!--content-->well its still a javascript and as you said earlier, 'JavaScript password scripts provide only a facade of security'. But I have Download <!--more-->ed it and I will put it up on my site to test it<!--content-->I get what it does now. It is pretty good though but has a few flaws.<br />
<br />
Pros - People can't just type in the url of the page you're protecting. <br />
- The only way to get into the page is to type the correct password.<br />
<br />
Cons - Someone could just easily create a de-coder. <br />
- You need javascript to view the site<br />
- No password retrival<br />
- You can only have one password for the page so anyone that finds out what the password is could just post it up on a messageboard or whatever<br />
<br />
well heres the url for people that want to see how it works. The password is 'pastword'<br />
<br />
<!-- m --><a class="postlink" href="http://www.jollyfactory.f2s.com/password/index.html">http://www.jollyfactory.f2s.com/password/index.html</a><!-- m --><!--content-->I dont know...how could I tell?<!--content-->well try contacting your host. Is your website hosted for free? Try posting the address to your host and I'll check it out<!--content-->www.mybravenet.com<!--content-->no sorry, but that host doesn't allow .htaccess I found this in the help section of bravenet<br />
'totally secure password protection via remote server is not possible' which basically means totally secure protection is not totally possible.<br />
<br />
I know that its not really helping much, but there are many free hosts that allow .htaccess and cgi<!--content-->what free sites offer that?<!--content-->http://www.f2s.com ---> <!-- w --><a class="postlink" href="http://www.yoursite.f2s.com">www.yoursite.f2s.com</a><!-- w --><br />
>> 20 megs<br />
>> cgi access<br />
>> mysql access<br />
>> php access<br />
>> .htaccess<br />
>> ftp<br />
<br />
<!-- m --><a class="postlink" href="http://www.hypermart.net">http://www.hypermart.net</a><!-- m --> --> <!-- w --><a class="postlink" href="http://www.yoursite.hypermart.net">www.yoursite.hypermart.net</a><!-- w --><br />
>> .htaccess<br />
>> cgi access<br />
>> php scripting<br />
<br />
<!-- m --><a class="postlink" href="http://www.netcabins.com">http://www.netcabins.com</a><!-- m --> --> subdomain<br />
>> 12-60 megs<br />
>> php 4<br />
>> ftp upload<br />
>> .htaccess <br />
<br />
And here is a tutorial on htaccess<br />
<!-- m --><a class="postlink" href="http://faq.clever.net/htaccess.htm">http://faq.clever.net/htaccess.htm</a><!-- m --><br />
<br />
and here is a place where you can make passwords and username code to place into htaccess file<br />
<!-- m --><a class="postlink" href="http://www.e2.u-net.com/htaccess/make.htm">http://www.e2.u-net.com/htaccess/make.htm</a><!-- m --><!--content-->thanks alot<!--content-->not a problem
if you have any problems with it, just Private Message (<!-- m --><a class="postlink" href="http://www.htmlforums.com/private.php?action=newmessage&userid=599">http://www.htmlforums.com/private.php?a ... userid=599</a><!-- m -->) me<!--content-->