password protecting a folder

[freemont]

Question: I'm still fairly new here. I've seen a number of people refer
to him as RtS; apparently the R stands for his name, Richard -- what
about tS?

I have a few speculations... but I think I'd prefer to keep them to
myself just now...

It's /not/ "Richard the Super-smart". :-|

 

[Beauregard T. Shagnasty]

Question: I'm still fairly new here. I've seen a number of people
refer to him as RtS; apparently the R stands for his name, Richard --
what about tS?

I have a few speculations... but I think I'd prefer to keep them to
myself just now...

<lol> Google for: Richard the St00pid

 

[Doug Miller]

<lol> Google for: Richard the St00pid

Ohhhhhhhhh -- he's *that* Richard.
<smacks forehead>
Why didn't I realize that?

 

[cwdjrxyz]

I suggest that you do not offer any further advice on password protecting
folders.


My browser offers me the *ONLY* option of downloading this file.

How is this an answer to merely requesting a password before viewing, in a
browser, the contents of some folder?

You download the file no matter when you are required to enter the
password. In the case of my example you download to a selected file on
your computer. If you enter a password while still on the server, you
download to a temporary cache and automatically open the downloaded
file from the temporary cache. Thus the only real extra step in the
method I show is that you have to delete the file when you finish
viewing it, which requires less than 1 second if you are fast - just
right click and select delete.

 

[Doug Miller]

You download the file no matter when you are required to enter the
password. In the case of my example you download to a selected file on
your computer. If you enter a password while still on the server, you
download to a temporary cache and automatically open the downloaded
file from the temporary cache. Thus the only real extra step in the
method I show is that you have to delete the file when you finish
viewing it, which requires less than 1 second if you are fast - just
right click and select delete.

One thing I think you're missing is that anyone can download such a file,
even people you don't want to download it -- and once I've downloaded the file
to my computer, I can then proceed to crack your password at my leisure, and
there's nothing you can do about it because the file is on *my* machine and
out of your control.

If the directory is password-protected on *your* server, then a
properly-configured server will kick me out after a predetermined number of
unsuccessful attempts.

 

[Jonathan N. Little]

You download the file no matter when you are required to enter the
password. In the case of my example you download to a selected file on
your computer. If you enter a password while still on the server, you
download to a temporary cache and automatically open the downloaded
file from the temporary cache. Thus the only real extra step in the
method I show is that you have to delete the file when you finish
viewing it, which requires less than 1 second if you are fast - just
right click and select delete.

But you are still missing the point, all you have done is password
protected *a* file and not the contents of a folder. The answer on
Apache servers is via .htacess file.

 

[cwdjrxyz]

One thing I think you're missing is that anyone can download such a file,
even people you don't want to download it -- and once I've downloaded the file
to my computer, I can then proceed to crack your password at my leisure, and
there's nothing you can do about it because the file is on *my* machine and
out of your control.

If the directory is password-protected on *your* server, then a
properly-configured server will kick me out after a predetermined number of
unsuccessful attempts.

If you use a long password consisting of both upper and lower case
letters and numbers generated by a random password generator, very few
people are qualified to crack it, and those who are must have some
good reason to do so to bother with it. I have cgi on my site(turned
off at the present), which allows download with a password, but it
would be a mistake to think that server side gives complete protection
either. You had better know what you are doing to write server side
scripts used for cgi. If you are not very careful you can end up with
something much worse than having your password protection cracked. You
can end up with your whole site defaced or taken down completely. In
short, there is no absolute method to protect anything on the web or
on your computer. People have spent much money and time attempting to
do so. Protection for DVD encryption and much more elaborate Blu-ray
encryption was soon cracked, and a business on an island state, where
it is not illegal, does a very good business in selling programs to
allow copying of encrypted DVD and Blu-ray discs. And the US CIA, the
Chinese, etc. are very good at cracking encryption if it is in their
interest to do so. Although server side scripting is very powerful for
the owner of the site, it also is very powerful for hackers. And don't
make the mistake of thinking that such problems are very important
only for Microsoft servers. A few years ago some hackers in Brazil
defaced a huge number of sites that were on non-Microsoft servers.

 

[cwdjrxyz]

But you are still missing the point, all you have done is password
protected *a* file and not the contents of a folder. The answer on
Apache servers is via .htacess file.

In my example I am only protecting a file that is a simple jpg. This
and the simple password was to keep the example simple. However you
can equally well protect the contents of a folder containing many
files such as "pic" on my server which contains dozens of images -
after all the basis of the downloaded file is a zip file which could
even include a whole web site, if not too large. This method of course
would not be suitable for protecting php files unless you know all
computers that would download the file can open php local files, and
many can not do so. The viewing computer, in such a case, might then
have to upload the php file to their site to view it. I use an Apache
server, and htacess file is the most easy way to protect. However some
people are on other types of servers, and some on hosted servers have
little or no access to server control panel settings.

 

[dorayme]

....


cwdjrxyz, can you please email me?

I want to ask you something about a DVD of a home-made or semi-pro made
movie (nothing illegal, all decent and the owner even appears in it) I
have and am supposed to upload to youTube. It's a bit tricky. I would
appreciate your advice. Appreciate you using "cwdjrxyz about DVD" as
subject please so I can grab it from junk folder if it is in there...

Otherwise I will have to make a password protected file with my query in
it and send the password via carrier pidgeon! <g>

 

[cwdjrxyz]

cwdjrxyz, can you please email me?

I want to ask you something about a DVD of a home-made or semi-pro made
movie (nothing illegal, all decent and the owner even appears in it) I
have and am supposed to upload to youTube. It's a bit tricky. I would
appreciate your advice. Appreciate you using "cwdjrxyz about DVD" as
subject please so I can grab it from junk folder if it is in there...

Otherwise I will have to make a password protected file with my query in
it and send the password via carrier pidgeon! <g>

I have sent you a comment and a return address using the subject label
you suggested. If you do not receive the mail, post here.

 

[dorayme]

I have sent you a comment and a return address using the subject label
you suggested. If you do not receive the mail, post here.

Not here yet. You, of course, are removing the RidThis bit?

 

[cwdjrxyz]

Not here yet. You, of course, are removing the RidThis bit?

The problem was likely with your email address since I just selected
to send email rather than post. I have resent from Yahoo mail this
time with the corrected address, and the message did not bounce back
in 10 minutes, although sometimes they can take much longer to
bounce.

 

[don]

Thanks for all that information - I will try it out - what about the command
crypt? I found this in an old Unix book
but the command comes up as "command not found" when I try and use it on a
file.

 

[dorayme]

The problem was likely with your email address since I just selected
to send email rather than post. I have resent from Yahoo mail this
time with the corrected address, and the message did not bounce back
in 10 minutes, although sometimes they can take much longer to
bounce.

Now received and a pestering email by me has been sent. <g>