Secure password

Freeway
1

How do I create a secure password for my homepage. The only action I have seen is not a secure password script as the page URL can be manually entered or accessed through the browser history.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

2

http://freewaytalk.net/thread/view/7881

http://freewaytalk.net/thread/view/9618

Your best bet is probably setting it up through your site’s control panel through your ISP.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

3

Secure is a very variable word. Every decision in security is based
on the value to the attacker and to the owner. Let’s say you were a
bank, and people were logging in to access their checkbooks. You
would spend an enormous amount of time and money keeping people out
who did not belong, and you wouldn’t worry too much about
inconveniencing your legitimate users if it meant they were more
secure as a result. But if you are just trying to keep your neighbor
(who is a major doofus and technophobe) from reading your blog, then
there’s a completely different equation.

The next step up from the (hopelessly insecure, security through
obscurity) JavaScript approach would be to use your hosting
provider’s control panel (or a help-desk ticket filed with your
hosting provider) to create a password-protected realm on your Web
server. (This is often referred to as .htaccess or .htpasswd
security, because the files used to enable it are named that on the
world’s most popular Web server.) This will challenge the visitor for
a password before allowing them to enter the folder. Note that if you
do this on your home page parent folder, then absolutely nobody who
doesn’t have the password will even see your home page.

This next step up is fairly secure, but the username and password are
sent “in the clear” as plain text (and at the same time), so there’s
some concern there if you or your visitors use a valuable password
and frequent public internet terminals or use unencrypted wireless.
Also, if you are concerned about the design of your login screen,
then you will need to do something else. The login dialog presented
by this sort of system is generated by the browser, and not at all
under your control.

If you want something that is highly designed, or that uses
additional measures to identify the visitors, or that permits them to
log back in automatically, then you are into the realm of
programming, using an application server like PHP or similar to block
access to your private pages and redirect the visitor to a (well
designed) login screen, and sniffs their browser signature and other
identifying marks along with their credentials. That’s a much larger
step up, but you need to decide if the cost and effort is worth the
risk of exposing the content.

Walter

On Jul 10, 2008, at 6:50 AM, Peter Hennix wrote:

How do I create a secure password for my homepage. The only action
I have seen is not a secure password script as the page URL can be
manually entered or accessed through the browser history.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

4

Many thanks for the advices. I will start with contacting my hosting provider.
Peter

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

5

If you want to use a really simple “membership software” package try Omni-Secure http://www.omni-secure.com/index.php I’m using it with my site(s) and it works great. Also allows for custom login pages or a simple username/password box that you can place right on your home page.

I actually combined my login box with a slimbox so it produces a cool effect when my users go to login.

Ken

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

6

Ken, Omni-Secure looks interesting. Please mail me (email@hidden) a link to your home page.

Peter

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options