[Pro] Login on website

I am looking for a solution for a secure website with username and login. Who can help me?


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

If you are using a decent web host that uses cPanel then you can use their standard feature called Password Protected Directories.

This allows you to set username/password access to any Folder on your server.

Most hosts provide it, whether through cPanel or its equivalent.

David


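For reference, the Password Protected Directories feature David mentions works by dropping an Apache `.htaccess` fragment into the folder. The following is an added illustration of that configuration, not something from the post or generated by any particular host; the realm name and the account path are assumptions.

```apache
# .htaccess placed inside the folder to protect, e.g. public_html/private/
AuthType Basic
AuthName "Members only"
# The password file lives outside the web root so it can never be downloaded;
# the exact location is an assumption for this example.
AuthUserFile "/home/EXAMPLE_ACCOUNT/.htpasswds/public_html/private/passwd"
# Any user listed in the password file may enter; a "Require user alice" line
# would restrict the folder to one named account instead.
Require valid-user
```

The password file holds one `username:hash` line per account and is normally written by the `htpasswd` tool or by the control panel itself. Because Basic authentication sends the username and password in every request with only base64 encoding, the folder should be served over HTTPS only.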

This sort of question can honestly be answered with the snarky koan: “how long is a piece of rope?”

There are a lot of questions that need to be answered first. How secure? What are you securing (medical info? client-specific secrets? cupcake recipes?). There are many many ways to skin this particular feline, and which one you choose depends in large measure on how careful you need to be, and how capable you are in the server admin and programming rackets (related, but often not overlapping skill sets), and how often you want to wake up in the middle of the night, screaming.

At the cupcake recipe end of things, there is an Action named Password Protected Page or something like that. I can’t honestly recommend it, because it uses “security through obscurity”, and therefore offers zero protection from leakage, whether that is intentional (a user “sharing” the link to the “protected” page) or inadvertent or just Google being evil. You use the Action to create a form on a page, which has a password field on it (it may also have a login field, but that is ignored). The trick here is that when you submit the form, you are redirected to [your-password].html. That’s all, it just takes you to a page named the same as your password. So this works fine for casual things, but unless you understand how Google works, and religiously remove all links to anywhere from your “protected” page, you stand to leak the existence of this page (and therefore its contents) through the “REFERER” [sic] tag.

At the client-specific secrets end of things, you may want to set up Apache realms using your host’s cPanel or equivalent. You’ll usually find this feature labeled Password Protected Folders or similar. When you do this, you define a particular folder in your Web server’s documents directory as requiring a password. Whenever the first file (per user session) is requested from that folder, the browser will put up a login dialog with username and password, and will not allow any requests of that folder to complete until the username and password are entered correctly. Once they have been, there will be no further challenges until the user’s session expires (window close on Windows, browser quit on Mac and iOS). This is quite secure (although the credentials travel in plain-text, so it can still be “sniffed”), but without any way to log out under user control, it fails to be a good enough solution for certain types of secrets. It will keep Google firmly out of your business. You can have multiple users with independent passwords for a single folder, although they will all see the same thing once they are in that folder. There is no way for a user to sign up for an account on their own – you will need to plumb the Stygian depths of cPanel each time you add a new user.

Further up the food chain, you have Web applications, like your bank’s online check register. That needs all kinds of security, and presents unique information to each user account. But it’s no different in principle* than any user account system you might find on http://hotscripts.com in the PHP section, or SiteLok, or if you’re really stuck for ideas, something from phpjabbers. User accounts are stored in a database, a visitor to a secured area is challenged for their username and password using a properly-designed login form (not the often ugly browser password dialog), they can log out when they’re done, the content they see can be customized to their account, pretty much the whole solution. The problem with this sort of approach is going to be the need for professional programming skill to install, configure, and customize it for your specific needs.

So if you can share more information about what you’re trying to secure, from whom, and any other details about your application, we can help you more specifically.

Walter

*In much the same way that a Smart PlusTwo is a car, and a Bugatti Veyron is also a car.

On Jul 17, 2014, at 7:47 AM, Chris Soudan wrote:

I am looking for a solution for a secure website with username and login. Who can help me?


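Walter's third tier (accounts in a database, a real login form, and a logout the user controls) is easier to reason about with a concrete skeleton. The following Python is an added example written for this thread, not code from any of the products named above; it uses in-memory dictionaries in place of a database and its names and constants are assumptions. It shows the two properties the browser password dialog cannot give you: passwords stored only as salted, slow hashes, and sessions the server can revoke.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory stores standing in for the database a real site
# would use. Names and layout are this example's own assumptions.
PBKDF2_ITERATIONS = 600_000          # work factor for PBKDF2-HMAC-SHA256
SESSION_TTL_SECONDS = 30 * 60        # sessions expire after 30 minutes
_DUMMY_SALT = b"\x00" * 16           # makes unknown users cost the same as real ones

users: Dict[str, Tuple[bytes, bytes]] = {}      # username -> (salt, pw_hash)
sessions: Dict[str, Tuple[str, float]] = {}     # token -> (username, expires_at)


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: a stolen user table does not yield plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_user(username: str, password: str) -> None:
    """Store only a per-user random salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    users[username] = (salt, _derive(password, salt))


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Verify credentials; on success return an opaque session token, else None."""
    now = time.time() if now is None else now
    record = users.get(username)
    salt, stored = record if record else (_DUMMY_SALT, b"")
    # Derive even for unknown users, and compare in constant time, so response
    # timing does not reveal whether the account exists or how much matched.
    candidate = _derive(password, salt)
    if record is None or not hmac.compare_digest(candidate, stored):
        return None
    token = secrets.token_urlsafe(32)   # 256 bits of randomness: unguessable
    sessions[token] = (username, now + SESSION_TTL_SECONDS)
    return token


def current_user(token: Optional[str], now: Optional[float] = None) -> Optional[str]:
    """Resolve a session token to a username, discarding expired sessions."""
    now = time.time() if now is None else now
    if token is None or token not in sessions:
        return None
    username, expires_at = sessions[token]
    if now >= expires_at:
        del sessions[token]
        return None
    return username


def logout(token: str) -> None:
    """Server-side revocation: the token is useless afterwards even if copied."""
    sessions.pop(token, None)


if __name__ == "__main__":
    create_user("alice", "correct horse battery staple")   # constructed sample user
    tok = login("alice", "correct horse battery staple")
    print("logged in as", current_user(tok))
    logout(tok)
    print("after logout:", current_user(tok))
```

In a web application the token returned by `login` goes into an HttpOnly, Secure cookie and `current_user` runs on every request to the protected area; `logout` is what the browser dialog approach lacks, since Basic credentials are replayed by the browser until it is closed.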



Thanks for your help.



Hi David,
Thanks for your help.
Chris

