Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New to the CF scene
    Join Date
    Aug 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Protecting certain directories on a server

    ok i got a webserver

    i plan to put on a PC shop
    but i also want a tech support section
    but for this i will try to use a board also outside regular mail accounts
    but i dont want everybody to jump in on the forum and start asking questions
    more like customers only

    anyway to do this
    i know htaccess but i have no idea how to set it up
    they told me the best way is true the ssl
    but i got no idea how to do it
    cant find a tutorial either

    anybody has one
    or knows a better way to protect it
    plan is people to need a login and password for accessing the board


    any suggestions welcome

    Thanks

  • #2
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm a bit confused.

    Do you want to protect directorys on your server (your title) or do you want to create an application that's only available for certain users (like your customers) ?( From the text in your post, I presume you wan't the last thing.)

    Creating a pasword protected entry isn't difficult and there are numerous premade scrips (in almost every language)

    What language(s) or you planning on using ?

  • #3
    New to the CF scene
    Join Date
    Aug 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    well no idea what kind language
    i just want for example
    if a visitor goes to www.mysite.com/test/
    that he needs to enter a login and password
    htaccess is the best thing i think but maybe their is something better
    no idea about that

    thx

  • #4
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    i'm using a lott of ASP at the moment.
    in the ASP forum there's actually a thread were i posted some files for a login procedure were you have the extra that each user gets a "security-profil". the access to each pages and the displayed content on each page can be controled, can then be determined by the security profil the user has.

    check it out
    log i n


    if you want to go for an 'easyer' and client sided tool, check out
    http://javascriptkit.com/script/cutindex6.shtml
    (there are probably hundreds of premade scripts and stuff out on the web, buth building it yourself (in ASP or PHP or ...) really has some advantages)

  • #5
    New to the CF scene
    Join Date
    Aug 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok thx alot will check it out

  • #6
    New to the CF scene
    Join Date
    Aug 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    how secure is this

    i had somebody who had a very good security
    but for some reason it didnt work on my server only on his pc with apache
    on my server it always sayed Can't enter to the database
    no idea what caused

    since i know crap about coding
    but i need something very secure
    htaccess is very secure Java things arent that good i was told


    Thx

  • #7
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts
    to find out how secure something is, test it, it sounds stupid.
    make a page which is so called secure and then post the link and see how many people can access it, via whatever means they like. On the password protected page add a hit counter and you will find out.
    i`d be up to the chalenge of testing, and so would many others.

    scroots
    Spammers next time you spam me consider the implications:
    (1) that you will be persuaded by me(in a legitimate mannor)
    (2)It is worthless to you, when i have finished

  • #8
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    sphinx,

    if you need something absolutely secure, you have to stay offline.
    my experience (though limited because i don't work with topsecret information) is that if you use a server sided scripting language(JSP or ASP or PHP) and you make a securitycheck on every page (using session variables or database-connection) + you make a history check (to prevent that other user on a shared, unattenden, computer can jump back to those pages) + you work with a window without bars (no adress or status bar) + disable the right mouse button + you set a verry low timout time fore your application

    well I think that your app is then fairly good protected. It won't be bulletproof, buth I can live with that. Creating it yourself has the extra advantage that there woun't be as many attemps to hack then on standard-tools. Of coarse, you also need to secure your server and database and the used lines etc.


    buth indeed, why not test it. Set up some securitysystem and let us know.

  • #9
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts
    test it, you psge could just havr the text this is protected or something for a test.
    every system has a flaw, some are harder to find
    scroots
    Spammers next time you spam me consider the implications:
    (1) that you will be persuaded by me(in a legitimate mannor)
    (2)It is worthless to you, when i have finished

  • #10
    New to the CF scene
    Join Date
    Aug 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    going to do that
    was joping the person who made the security found the problem that causes the new one to not work
    but my guess the config file is different when u have unix server compared to a windows server using apache

    thx for the help guys


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •