website directory access
I'm trying to stop people buggering about on my website and looking in directories they shouldn't be, this includes several robots that have started trawling through it. I have family pictures, and work related pictures. I want each group to only look at their own images (for example I don't want my family looking at the pictures of pissed-up perlmongers (not that I'm ashamed of you or anything :-) So I guess I have to make directories, and only tell people who need to know that they are there, and not link to them from any other publicly available page. I don't really like this, is there another way? I don't want to have to resort to .htpasswd files, which is what I've implemented for now. /Robert, realising that he doesn't know very much about web security actually
Re: website directory access
* at 01/02 12:35 - Robert Shiels said: I don't really like this, is there another way? I don't want to have to resort to .htpasswd files, which is what I've implemented for now. er, what's wrong with them? struan
Re: website directory access
On Thu, Feb 01, 2001 at 01:02:03PM -, Robert Shiels wrote: Well, publishing username/passwords to everyone who needs them is trickey, and getting people to remember them is also hard. For example, I took family photos, I want the whole family to look at them, and anyone else who they give the link to, but my mum has enough trouble connecting to the internet without remembering new usernames and passwords. You could give out urls with the usernames and passwords in? Michael
Re: website directory access
On Thu, Feb 01, 2001 at 01:02:03PM -, Robert Shiels wrote: For example, I took family photos, I want the whole family to look at them, and anyone else who they give the link to, but my mum has enough trouble connecting to the internet without remembering new usernames and passwords. Username 'shiels' with no password? -- David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/ Any technology distinguishable from magic is insufficiently advanced ** I read encrypted mail first, so encrypt if your message is important ** PGP signature
Re: website directory access
I don't really like this, is there another way? I don't want to have to resort to .htpasswd files, which is what I've implemented for now. er, what's wrong with them? Well, publishing username/passwords to everyone who needs them is trickey, and getting people to remember them is also hard. For example, I took family photos, I want the whole family to look at them, and anyone else who they give the link to, but my mum has enough trouble connecting to the internet without remembering new usernames and passwords. /Robert
Re: website directory access
On Thu, Feb 01, 2001 at 02:24:08PM +0100, Philip Newton wrote: Michael Stevens wrote: You could give out urls with the usernames and passwords in? Were you thinking of http://username:[EMAIL PROTECTED]/pics/drunkenperlmongers.jpg ? No such thing; RTFRFC for more info. There may well be no such thing, but since it works in just about every user agent, including LWP, that's a pretty bad argument against using it here in the Real World. It's a pretty obvious and compatible extension the the standard... .robin. -- "do not assume that you are in control of your own actions, but take responsibility for them anyway."
Re: website directory access
On Thu, Feb 01, 2001 at 02:24:08PM +0100, Philip Newton wrote: Michael Stevens wrote: You could give out urls with the usernames and passwords in? Were you thinking of http://username:[EMAIL PROTECTED]/pics/drunkenperlmongers.jpg ? No such thing; RTFRFC for more info. Being somewhat practical, they do tend to work. Michael
Re: website directory access
Robin Houston wrote: On Thu, Feb 01, 2001 at 02:24:08PM +0100, Philip Newton wrote: Michael Stevens wrote: You could give out urls with the usernames and passwords in? Were you thinking of http://username:[EMAIL PROTECTED]/pics/drunkenperlmongers.jpg ? No such thing; RTFRFC for more info. There may well be no such thing, but since it works in just about every user agent, including LWP, that's a pretty bad argument against using it here in the Real World. Hm. You're right; it works at least with MSIE and NS on Win32, also with LWP. I had only tried it out on one site with Lynx (2.8.3rel1) and got a "400 Bad Request: Your browser sent a request that this server could not understand. Client sent malformed Host header", so I suppose Lynx sent "username:[EMAIL PROTECTED]". It's a pretty obvious and compatible extension the the standard... I'll give you that. Cheers, Philip
