Does anyone know how to password protect a web page? Our band has a web page and I would like to add a page that only the band members can access. Some of our band members live as far as 150 miles apart and long distance phone charges apply. A page designed to give each member a look at what songs will be on next weeks rehearsal session and other private messages could easily be accessed free since we all have internet access. I would just like to password protect that page. Anyone know a code for this?
P.S. Before you ask, yes I have thought about the e-mail route but instead of trying to remember or keep up with everyone's e-mail address, I'd rather edit the page when needed and let the other members be responsible for checking the page.
------------------
Gaylon's Homepage
www.geocities.com/nashville/1064
The Tyler Wails Band
www.geocities.com/tylerwails
<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Gaylon Mathews on 16 July 2000 at 06:54 PM.]</p></FONT>
Code for password protecting a web page?
Moderator: Wiz Feinberg
- Gaylon Mathews
- Posts: 833
- Joined: 4 Aug 1998 11:00 pm
- Location: Jasper, Georgia
- Contact:
-
- Posts: 35
- Joined: 4 Jan 2000 1:01 am
- Location: Toledo,Ohio
There's definately a way to do what you want, pay sites do it all the time, but I don't know how, maybe some sort of java script or something. I do have another idea though.
Make the URL to the page you want for members only, something only they know. As an example, www.myband.com/qbajdiufriovj111.html.
the odds of anyone else ever finding it are remote, and as an added security mesure, you could change it every so often, maybe once a month.
Hope this helps.
Make the URL to the page you want for members only, something only they know. As an example, www.myband.com/qbajdiufriovj111.html.
the odds of anyone else ever finding it are remote, and as an added security mesure, you could change it every so often, maybe once a month.
Hope this helps.
- Jack Stoner
- Posts: 22087
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
-
- Posts: 655
- Joined: 19 Oct 1998 12:01 am
- Location: Frederick, Maryland, USA
Gaylon, it's easy with Earthlink. The web space and ability to password protect it come with your account. Check http://help.earthlink.net/websupport/member/restrict.html for details. This page automagically generates .htaccess and .htpasswd files that you then place in the directory of the web site (or page) you wish to protect. Part of the .htaccess file would look something like this (replace the ()'s with <>'s)
AuthName RestrictedArea
AuthType Basic
AuthUserFile /www.myfiles.whatever (supply file name for passwords and usernames, which is encrypted)
(Limit GET POST)
require valid-user
(/Limit)
(Limit PUT DELETE)
deny from all
(/Limit)
Whatever the Earthlink generator spits out appears to work fine for me. There must be some encryption scheme for the usernames though which I can't help you with, I just use the generator page.
By the looks of it, it's all based on standard HTML that all browsers know what to do with...<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Dave Horch on 17 July 2000 at 01:36 PM.]</p></FONT>
AuthName RestrictedArea
AuthType Basic
AuthUserFile /www.myfiles.whatever (supply file name for passwords and usernames, which is encrypted)
(Limit GET POST)
require valid-user
(/Limit)
(Limit PUT DELETE)
deny from all
(/Limit)
Whatever the Earthlink generator spits out appears to work fine for me. There must be some encryption scheme for the usernames though which I can't help you with, I just use the generator page.
By the looks of it, it's all based on standard HTML that all browsers know what to do with...<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Dave Horch on 17 July 2000 at 01:36 PM.]</p></FONT>
- John Fabian
- Posts: 1228
- Joined: 4 Aug 1998 11:00 pm
- Location: Mesquite, Texas USA * R.I.P.
- Contact:
Try this link for password protection scripts:
http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Password_Protection/
John Fabian
http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Password_Protection/
John Fabian
-
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
Unless you implement it from the server side, there isn't a foolproof way to offer password protection.
Rick's solution won't work unless you also create a dummy index page or unless directory access is restricted by the server. It's elementary to scan your site and return a list of all the files and directories.
Dave's idea is better because this is the way the server itself determines access privileges. However, this script is for a UNIX server (Solaris in this case) and won't work without modification on NT because Microsoft (surprise!) implements htaccess differently. You'll need to find out which platform your server uses.
John's solution <FONT SIZE="-2">(Hi John...)</FONT> is much better but requires that your server 1) allows you access to the CGI-BIN directory and 2) accepts third-party scripts.
The only client-side things you can try are Javascripts, as Rick suggested. Here are two, but there are many others available.
This one offers rudimentary encryption, while this one bumps the user out after three incorrect tries.
Be aware that any of these solutions other than the htaccess method are fairly easy to hack and will only deter the casual user. They should be fine for the purpose Gaylon intended but are grossly inadequate for protecting confidential information.
Regards,
Jeff
Rick's solution won't work unless you also create a dummy index page or unless directory access is restricted by the server. It's elementary to scan your site and return a list of all the files and directories.
Dave's idea is better because this is the way the server itself determines access privileges. However, this script is for a UNIX server (Solaris in this case) and won't work without modification on NT because Microsoft (surprise!) implements htaccess differently. You'll need to find out which platform your server uses.
John's solution <FONT SIZE="-2">(Hi John...)</FONT> is much better but requires that your server 1) allows you access to the CGI-BIN directory and 2) accepts third-party scripts.
The only client-side things you can try are Javascripts, as Rick suggested. Here are two, but there are many others available.
This one offers rudimentary encryption, while this one bumps the user out after three incorrect tries.
Be aware that any of these solutions other than the htaccess method are fairly easy to hack and will only deter the casual user. They should be fine for the purpose Gaylon intended but are grossly inadequate for protecting confidential information.
Regards,
Jeff
- Larry Bell
- Posts: 5550
- Joined: 4 Aug 1998 11:00 pm
- Location: Englewood, Florida
- Contact: