Re: [WebDNA] directory protection questions

This WebDNA talk-list message is from

2008

It keeps the original formatting. numero = 100252
interpreted = N
texte = Okay, I understand it now... it is never preprocessed... as if it's the first thing parsed.I worked with a web app (Password Manager) that manages users for my Mac user website (it was already in place)... you can give it a tabbed text file with proper data and it will generate the usernames and passwords into the password file called 1.passwords, which will look like this:Mary1714:PMhFrkwIeyb7ABeth744:PMo0i7y3FIPcEafter it encrypts the passwords.The .htaccess file for the member directory looks like this:AuthUserFile [realpathnamehere]/1.passwordsAuthGroupFile /dev/nullAuthName membersAuthType Basicrequire valid-userSo what's to keep webdna from doing a writefile for 1.passwords? When I was researching this before, it seems that there are utilities out there that will generate the passwords. I'll look again and see if I can figure out how WebDNA can make use of these generators.I could do this manually each time someone signs up, but then they have to wait, and people don't want to do that when they join an adult site.Terryp.s. Currently, I serve up the full-sized images on a page-protected page and give them a slide show-type viewing experience at the same time. Anyone with a little knowledge can still determine the URL of the image, but my random numbering system thwarts outright image browsing.>You can use .htaccess for folder protection, and php will have the >same issues as webdna. This must be handled by the webserver since >it never gets handed off to a cgi/script like php webdna asp or cf.>>There are hacks around this but no pure way to protect a folder with >php/webdna/asp/cf etc>>You can call a .tpl with an image tag and do a redirect to the >image. Then put a authentication tag in the image.tpl file, but >ultimately the image is not protected since the webserver actually >serves the image to the browser>>

Re: [WebDNA] directory protection questions ("Tom Duke" 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions ("Tom Duke" 2008)
RE: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions ("Tom Duke" 2008)
RE: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions ("Tom Duke" 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions ("Tom Duke" 2008)
Re: [WebDNA] directory protection questions (Bob Minor 2008)
RE: [WebDNA] directory protection questions ("Will Starck" 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions (Dale Therio 2008)
RE: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
Re: [WebDNA] directory protection questions (Terry Wilson 2008)
RE: [WebDNA] directory protection questions ("Will Starck" 2008)
Re: [WebDNA] directory protection questions (Colin Sidwell 2008)
Re: [WebDNA] directory protection questions (Frank Nordberg 2008)
Re: [WebDNA] directory protection questions (Stuart Tremain 2008)
[WebDNA] directory protection questions (Terry Wilson 2008)

Okay, I understand it now... it is never preprocessed... as if it's the first thing parsed.I worked with a web app (Password Manager) that manages users for my Mac user website (it was already in place)... you can give it a tabbed text file with proper data and it will generate the usernames and passwords into the password file called 1.passwords, which will look like this:Mary1714:PMhFrkwIeyb7ABeth744:PMo0i7y3FIPcEafter it encrypts the passwords.The .htaccess file for the member directory looks like this:AuthUserFile [realpathnamehere]/1.passwordsAuthGroupFile /dev/nullAuthName membersAuthType Basicrequire valid-userSo what's to keep webdna from doing a writefile for 1.passwords? When I was researching this before, it seems that there are utilities out there that will generate the passwords. I'll look again and see if I can figure out how WebDNA can make use of these generators.I could do this manually each time someone signs up, but then they have to wait, and people don't want to do that when they join an adult site.Terryp.s. Currently, I serve up the full-sized images on a page-protected page and give them a slide show-type viewing experience at the same time. Anyone with a little knowledge can still determine the URL of the image, but my random numbering system thwarts outright image browsing.>You can use .htaccess for folder protection, and php will have the >same issues as webdna. This must be handled by the webserver since >it never gets handed off to a cgi/script like php webdna asp or cf.>>There are hacks around this but no pure way to protect a folder with >php/webdna/asp/cf etc>>You can call a .tpl with an image tag and do a redirect to the >image. Then put a authentication tag in the image.tpl file, but >ultimately the image is not protected since the webserver actually >serves the image to the browser>>

[returnraw]HTTP/1.0 302 Found>Location: [img].gif>>[/returnraw]>>you could try an image copy to a random name.gif and then redirect >to that random gif name deleting it after you served it.>>>On Jul 7, 2008, at 8:34 AM, Terry Wilson wrote:>>> That's what I was afraid of. But what doesn't exist... a solution, >>or a php file include equivalent?>>>>>>> It doesn't exist :(>>>>>> You will have to do it through your server SW.>>>>>> Regards>>>>>> Stuart Tremain>>> IDFK Web Developments>>> AUSTRALIA>>> webdna@idfk.com.au>>>>>>>>>>>>>>> On 07/07/2008, at 12:14 PM, Terry Wilson wrote:>>>>>>> Can someone point me in the right direction for managing >>>>directory protection with WebDNA? Not page protection... >>>>directory protection. I have libraries full of images on a >>>>pay-site, and would like to get this matter resolved once and for >>>>all. It needs to happen in real-time so people can gain access >>>>instantly. Is this only possible by using the .htaccess file? If >>>>so, can webdna write to it? If not, can I make some kind of >>>>include file via php? Is there some kind of special encryption >>>>for the passwords that WebDNA can handle? Am I so obviously >>>>clueless or what?>>>>>>>> Terry>>>> --Terry Wilson | terry@terryfic.com | http://terryfic.com>>>> http://WhosComing.com - a simplified, affordable online reservation system>>>> http://TightJacket.com -- stylish protection for your laptop>>>> -------------------------------------------------------------------------->>>> Attitude is the only difference between ordeal and adventure.>>>>>>>> --Terry Wilson | terry@terryfic.com | http://terryfic.com>> http://WhosComing.com - a simplified, affordable online reservation system>> http://TightJacket.com -- stylish protection for your laptop>> -------------------------------------------------------------------------->> Attitude is the only difference between ordeal and adventure.>>>>Robert Minor>Director of Internet Services>------------------------------------------------------------>Cybermill Communications>http://www.cybermill.com http://www.merchantmaker.com>>Providing Ecommerce and interactive website development and>hosting services on Macintosh, Windows NT, *nix, and AS/400.>>Complete ddos proof hosting solutions and network services.>>>>Attachment converted: Ruby:smime 6.p7s ( / ) (00528CA5)-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightJacket.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure. Terry Wilson

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] directory protection questions

2008

Top Articles:

Related Readings: