Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

password protection without htaccess

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  Vitual host, donīt know how  
Author Message
invalid5

External


Since: May 09, 2004
Posts: 17



(Msg. 1) Posted: Sun May 09, 2004 10:07 am
Post subject: password protection without htaccess
Archived from groups: alt>apache>configuration (more info?)
Hi Im sorta new at using apache and I think I understand htaccess well
enough to get it to work in tests... allowing overrides in specific
directories only and then adding htaccess files in them.

But the documentation says its much preferable, when available, to use the
config file only and not to allow htaccess at all. I saw one example where
the lines that would go in htaccess instead go in between <directory>
</directory> in the config file... still pointing to an external password
file I assume. Does this sound right?

I also read about using PHP & SQL instead as a better alternative. That
should be no problem but how does this protect against someone bypassing
the php file by entering the URL of the protected files directly? Does each
file have to look for some kind of "passed" variable? The only thing that
comes to mind is an include file, added to everything, that checks for the
variable and redirects to some other page if its wrong. Does THAT sound
right?

Thanks everyone!

 >> Stay informed about: password protection without htaccess 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 2) Posted: Sun May 09, 2004 10:11 am
Post subject: Re: password protection without htaccess [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Theo <invalid DeleteThis @noemail.com> wrote:
 > Does this sound right?

Yes.

 > should be no problem but how does this protect against someone bypassing
 > the php file by entering the URL of the protected files directly?

The idea is that the 'protected' file isn't there until you are authorized
and after you get it is deleted or is a .php file itself and check if you
are authorized or not before showing himself.

Davide

--
| A fool must now and then be right by chance.
|
|
|<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: password protection without htaccess 
Back to top
Login to vote
hans1

External


Since: Mar 29, 2004
Posts: 672



(Msg. 3) Posted: Sun May 09, 2004 3:27 pm
Post subject: Re: password protection without htaccess [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Davide Bianchi" <davideyeahsure DeleteThis @onlyforfun.net> schreef in bericht
news:2g63tdF4qcuuU6@uni-berlin.de...
 > Theo <invalid DeleteThis @noemail.com> wrote:
  > > should be no problem but how does this protect against someone bypassing
  > > the php file by entering the URL of the protected files directly?
 > The idea is that the 'protected' file isn't there until you are authorized
 > and after you get it is deleted or is a .php file itself and check if you
 > are authorized or not before showing himself.
That is user validation by an application instead of by the webserver.

Do have a peek at some of the modules in <a style='text-decoration: underline;' href="http://mod-auth.sourceforge.net/" target="_blank">http://mod-auth.sourceforge.net/</a>
to find a way to let (the next version of ) Apache validate lots of users
without ao .password file

Browse at <a style='text-decoration: underline;' href="http://modules.apache.org/search?query=true&search=mod_auth_" target="_blank">http://modules.apache.org/search?query=true&search=mod_auth_</a> for
current available options


HansH<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: password protection without htaccess 
Back to top
Login to vote
invalid5

External


Since: May 09, 2004
Posts: 17



(Msg. 4) Posted: Sun May 09, 2004 9:11 pm
Post subject: Re: password protection without htaccess [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"HansH" <hans.DeleteThis@niet.op.het.net> wrote in
news:c7l13b$h6i$1@news.cistron.nl:

<font color=purple> > Browse at <a style='text-decoration: underline;' href="http://modules.apache.org/search?query=true&search=mod_auth_</font" target="_blank">http://modules.apache.org/search?query=true&search=mod_auth_</font</a>>
 > for current available options

Thanks to you both.

Looks like for it to work well (at least insofar as protecting folders) the
module needs to be installed, so I cannot assume it is available on the
hosting site. A few of the other examples I saw did not need it, but only
protect single files. That looks like some simple scripting with a form and
posting the results to the next page, which preform the check either based
on a mysql database or hard coded.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: password protection without htaccess 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Some newbie questions regarding using .htaccess for passwo.. - Apologies if this is the wrong group for this, I tried searching dejanews but was unable to narrow my search down enough to get anything useful. The scenario: Local soccer team wants a password protected directory on their site, we have found a host/ISP...

password protection (.htaccess) and streaming mp3's - Hey folks, just for the record this work in winamp. I have an apache web server with an mp3 link that is password protected. After authorization you can see the mp3's. Click on a link and the little web engine I'm using (Zina) automagically creates a..

Excluding a single file from .htaccess password protection? - Hi, I've added .htaccess password protection to my web site for various reasons. However, I think it would be nice to have a welcome page that's accessible to everyone. Is there any way to exclude a single file (ie, index.html) from being protected...

password protection - Hi all, I try to make a folder of my webserver protected by a password using ..htaccess ... Here is my .htaccess file : AuthUserFile /cca/www/htdocs/phpMyAdmin/.htpasswd AuthGroupFile /dev/null AuthName "Restricted Directory" AuthType Basic ...

Apache password protection - I am trying to passowrd protect a bit of my web site and I only have ftp access to my areas. I have put an .htaccess file in the directory and it prompts me for a user/password - fine. I have an .htpasswd file with usernames in it. My problem is..
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]