09-26-2002, 10:58 PM
ok i got a webserver
i plan to put on a PC shop
but i also want a tech support section
but for this i will try to use a board also outside regular mail accounts
but i dont want everybody to jump in on the forum and start asking questions
more like customers only
anyway to do this
i know htaccess but i have no idea how to set it up
they told me the best way is true the ssl
but i got no idea how to do it
cant find a tutorial either
anybody has one
or knows a better way to protect it
plan is people to need a login and password for accessing the board
any suggestions welcome :)
I'm a bit confused.
Do you want to protect directorys on your server (your title) or do you want to create an application that's only available for certain users (like your customers) ?( From the text in your post, I presume you wan't the last thing.)
Creating a pasword protected entry isn't difficult and there are numerous premade scrips (in almost every language)
What language(s) or you planning on using ?
10-01-2002, 01:26 PM
well no idea what kind language
i just want for example
if a visitor goes to www.mysite.com/test/
that he needs to enter a login and password
htaccess is the best thing i think but maybe their is something better
no idea about that
i'm using a lott of ASP at the moment.
in the ASP forum there's actually a thread were i posted some files for a login procedure were you have the extra that each user gets a "security-profil". the access to each pages and the displayed content on each page can be controled, can then be determined by the security profil the user has.
check it out
if you want to go for an 'easyer' and client sided tool, check out
(there are probably hundreds of premade scripts and stuff out on the web, buth building it yourself (in ASP or PHP or ...) really has some advantages)
10-01-2002, 02:17 PM
ok thx alot will check it out
10-01-2002, 09:43 PM
how secure is this
i had somebody who had a very good security
but for some reason it didnt work on my server only on his pc with apache
on my server it always sayed Can't enter to the database
no idea what caused
since i know crap about coding
but i need something very secure
htaccess is very secure Java things arent that good i was told
10-01-2002, 09:58 PM
to find out how secure something is, test it, it sounds stupid.
make a page which is so called secure and then post the link and see how many people can access it, via whatever means they like. On the password protected page add a hit counter and you will find out.
i`d be up to the chalenge of testing, and so would many others.
if you need something absolutely secure, you have to stay offline.
my experience (though limited because i don't work with topsecret information) is that if you use a server sided scripting language(JSP or ASP or PHP) and you make a securitycheck on every page (using session variables or database-connection) + you make a history check (to prevent that other user on a shared, unattenden, computer can jump back to those pages) + you work with a window without bars (no adress or status bar) + disable the right mouse button + you set a verry low timout time fore your application
well I think that your app is then fairly good protected. It won't be bulletproof, buth I can live with that. Creating it yourself has the extra advantage that there woun't be as many attemps to hack then on standard-tools. Of coarse, you also need to secure your server and database and the used lines etc.
buth indeed, why not test it. Set up some securitysystem and let us know.
10-02-2002, 10:13 PM
test it, you psge could just havr the text this is protected or something for a test.
every system has a flaw, some are harder to find
10-02-2002, 10:23 PM
going to do that
was joping the person who made the security found the problem that causes the new one to not work
but my guess the config file is different when u have unix server compared to a windows server using apache
thx for the help guys