Well Joel, Definitely this sounds to solve the situation I have to deal. I'm not sure l'll get all this information at first read :) Anyway thank you very much for your help. I'll try to follow the whole thing step by step. Carlos -----Original Message----- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Saturday, January 01, 2000 3:33 PM Subject: [REBOL] Simple Password Checking Re:(4) >Carlos, > >SHORT SUMMARY: Find out if your ISP's web server is configured to >allow per-directory access control, normally done using files named >".htaccess" and ".htpasswd" (optionally ".htgroup" as well, but that's >likely more trouble than it's worth). Use of this mechanism will >trigger the standard UserID/Password mechanisms in the server and >the visitor's web browser. > >Unless you have a friendly contact there who can tell you, you may >just have to try it to see if it works. > >TEDIOUS DETAILS FOLLOW: > >A per-directory ACF, named ".htaccess" by default, lets you specify >to the server any exceptional handling you want applied to files in >an individual directory. (More about this in a few moments.) > >You will also need to have access to an executable copy of a utility >called "htpasswd", used to create a password file for the directory >you want to protect. If you have shell login access to your ISP >account (and are comfortable running unix commands), you can check to >see whether that utility is available to you. If not, I believe that >the c source for that utility can be found on the net, and you can >compile and run it on your own box. > >Use "htpasswd" to create a user password file called ".htpasswd" in >the directory you want to protect (or create it on your own box and >ftp it to that directory). Let's assume that you have done so, with >a user name of "Yewzer" and associated password of "s3cr3t". > >Assuming that your web directory is somthing like > > /users/carlos/public_html/ > >and you want to protect the "members-only" subdirectory under that >directory. NOTE that you need the actual directory on the host box, >not a relative directory such as might appear in a url of > > http://www.ispname.com/~carlos > >You create a file called ".htaccess" in the members-only directory. >That file would contain > > AuthUserFile /users/carlos/public_html/members-only/.htpasswd > AuthGroupFile /dev/null > AuthName By Secret Password Only! > AuthType Basic > <Limit GET> > require user Yewzer > </Limit> > >As a result of having these two files in your members-only directory >(assuming, again, that your ISP's server is configured to allow all >of this to behave properly), when someone tries to get a file from >that directory, such as > > http://www.ispname.com/~carlos/members-only/loveletters.html > >their browser will display the standard user authentication >dialog box. That person will have to type > > Yewzer > >into the User ID field and > > s3cr3t > >into the password field. > >This may appear to you to be a large effort -- it certainly was for >me the first time I tried to figure it all out and get it working! >The key question is simply whether your information deserves that >amount of security. > >For more information, check the Apache web site at > > http://www.apache.org/ > >or the O'Reilly & Associates book > > _Managing_Internet_Information_Services_ > >Chapter 21, "Web: Access Control and Security". > >Hope this helps! > >-jn- > > >[EMAIL PROTECTED] wrote: >> >> Hi Carlos, >> >> Since you have so many limitations on the server side, here are my >> suggestions. These won't give you a great deal of security, but will help >> limit access to the files and won't require the recipient to have a copy of >> REBOL.. >> >> 1. Create a page with the default file name ie index.htm or whatever, this >> is to prevent directory browsing. >> 2. Place files in this directory. >> 3. Email the filename & paths to those who are allowed to access these files >> 4. Rename the files once a week or so to help control who has access. >> >> Use REBOL to automate as much of the above as you like... >> >> Cheers, >> >> Allen K >> >> ----- Original Message ----- >> From: <[EMAIL PROTECTED]> >> To: <[EMAIL PROTECTED]> >> Sent: Thursday, January 01, 1998 11:04 PM >> Subject: [REBOL] Simple Password Checking Re:(2) >> >> Thank you Ted for your comments but actually I have no such a web server >> where I can manipulate permissions and so on. My website is hosted by some >> guys I don't even know but don't allow CGI scriptting on their server. >> >> I need to find ways that don't envolve server side solutions to handle >> protection file stuff. >> >> It seems that only with a Java Applet I could do that. Am I wrong? >> >> -----Original Message----- >> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >> Date: Thursday, December 30, 1999 5:13 PM >> Subject: [REBOL] Simple Password Checking Re: >> >> Why don't you want them to enter their own username and password? >> >> If that's not a critical requirement, and if you're using an Apache Web >> server, you should be able to do this just by editing a permissions file in >> whatever directories you want to protect. The browser would then prompt for >> the username and password automatically, and there is nothing else to do. >> Under Windows, I think if their desktoip login name/password matches a >> Website user/password, they might not be prompted at all, but I would have >> to check that. >> >> Another approach would be to use a script that checked the password in >> an internal file, and then passed them the URL to download from a secret >> directory on your server. If you didn't want them to bother with a password >> the second time, from the same location, you could save the user information >> in a cookie. >> >> In either case, they wouldn't need REBOL on their machines. It can all >> be handled server side. Entering the username/password at least once seems >> simpler than getting people to install REBOL to run one script. >> >> If this is a critical requirement for same reason, another idea might be >> to distribute a HTML page with their username and password embedded in a >> "click me" hyperlink, which would then send this to a server-side script >> (see approach /2). >> >> -Ted. >> >> *********** REPLY SEPARATOR *********** >> >> On 12/30/1999 at 3:28 PM [EMAIL PROTECTED] wrote: >> Hi Rebols, >> >> I'm fighting against the idea of having to learn Perl or Java just >> to get this small project: >> >> I'm considering the possibility of having a script on my web site >> that could grant permission to some users to download files according to the >> rights they have. >> >> The idea is to distribute REBOL.EXE to the people I want to access >> my web site so they can login without having to enter USERNAME & PASSWORD. >> >> All they have to do is to run this script that probably will have to >> have their username & password values inside it and also what files each >> user can download. >> >> Since username and password match, the script will write on user's >> machine their files. >> >> Is it possible? >> >> Does anyone here would like to make me a draft of this in REBOL? >> Some code I could use as a start point, since I'm a beginner. >> >> Thanks for any help >> >> Happy New Year to you all from Brazil!!!!!!!!!!!!!!!!! >> >> Carlos >
