Loading ...
Sorry, an error occurred while loading the content.

[NH] Re: members' only area

Expand Messages
  • Larry Thomas
    Hi Kate, ... This does have one problem. I have found on occassion when I am surfing a web site that i can click on my URL box in Netscape and start deleting
    Message 1 of 12 , Nov 15, 1999
    • 0 Attachment
      Hi Kate,

      At 07:11 PM 11/15/1999 -0500, you wrote:
      >While you can get java apps which will let you password a web page, an
      >easier solution is to just give the name of the page to those who are
      >allowed on it. i.e. wanttoknow.com/secrets.html
      >
      >With this, regular surfers will just go to wanttoknow.com and only your
      >chosen ones will know to type in the extra page name!

      This does have one problem. I have found on occassion when I am surfing a
      web site that i can click on my URL box in Netscape and start deleting
      sections of the name back to sucessive slashes. Then press enter. Then I
      get a directory listing for the server site which will list like an
      explorer directory. When this happens, I can go to any html page listed in
      that on line folder including wanttoknow.com/secrets.html. This is not
      true of all sites but it does happen and you should check out your server
      before doing this.

      Regards,

      Larry
      larryt@...
    • chrispye@woodcarver.force9.co.uk
      Hi Thanks everyone for their suggestions - boy you re quick! - gives me some avenues to explore. I ll post the solution I end up with. Chris ...
      Message 2 of 12 , Nov 16, 1999
      • 0 Attachment
        Hi
        Thanks everyone for their suggestions - boy you're quick! - gives me
        some avenues to explore. I'll post the solution I end up with.
        Chris

        ---------------------------
        www.chrispye-woodcarving.com
        Dedicated to the teaching, learning, and love of woodcarving
      • Mark Pulver
        ... This depends on the server configuration... If this happens on your hosting service, then it s a huge security hole. You should bring it up to your site
        Message 3 of 12 , Nov 16, 1999
        • 0 Attachment
          Larry Thomas (09:05 PM 11/15/1999) wrote:

          >This does have one problem. I have found on occassion when I am surfing a
          >web site that i can click on my URL box in Netscape and start deleting
          >sections of the name back to sucessive slashes. Then press enter. Then I
          >get a directory listing for the server site which will list like an
          >explorer directory. When this happens, I can go to any html page listed in
          >that on line folder including wanttoknow.com/secrets.html. This is not
          >true of all sites but it does happen and you should check out your server
          >before doing this.

          This depends on the server configuration...

          If this happens on your hosting service, then it's a huge security hole.
          You should bring it up to your site admin or tech support folks and have
          them configure the server to not allow directory browsing.


          Mark

          __________________________________________________
          Check out the Waldorf Q: http://www.midiwall.com/q
        • Jody
          Hi Mark, ... I just had them turn it on for me *on* mine, but not allow to get to my parent folder. Happy HTML n! Jody http://www.sureword.com/notetab The
          Message 4 of 12 , Nov 16, 1999
          • 0 Attachment
            Hi Mark,

            >> This is not true of all sites but it does happen and you
            >> should check out your server before doing this.
            >
            > This depends on the server configuration...
            >
            > If this happens on your hosting service, then it's a huge
            > security hole. You should bring it up to your site admin or
            > tech support folks and have them configure the server to not
            > allow directory browsing.

            I just had them turn it on for me *on* mine, but not allow to get
            to my parent folder.

            Happy HTML'n!
            Jody

            http://www.sureword.com/notetab

            The NoteTab and Html List...
            mailto:Ntb-html-Subscribe@...
            mailto:Ntb-html-UnSubscribe@...
          • Mark Pulver
            Jody (10:16 AM 11/16/1999) wrote: Hi Jody! ... YIKES! :) Well, the problem with it Jody is that while it can be seen as a convenience when you just wanna drop
            Message 5 of 12 , Nov 16, 1999
            • 0 Attachment
              Jody (10:16 AM 11/16/1999) wrote:

              Hi Jody!

              >>> This is not true of all sites but it does happen and you
              >>> should check out your server before doing this.
              >>
              >> This depends on the server configuration...
              >>
              >> If this happens on your hosting service, then it's a huge
              >> security hole. You should bring it up to your site admin or
              >> tech support folks and have them configure the server to not
              >> allow directory browsing.
              >
              >I just had them turn it on for me *on* mine, but not allow to get
              >to my parent folder.

              YIKES! :)

              Well, the problem with it Jody is that while it can be seen as a
              convenience when you just wanna drop files into a folder and point someone
              to the subdir, it's easy to forget that it's there.

              I have a lot of nooks and crannies on my site that I really don't want
              people in. Things like SQL admin pages, the source code for my search
              engine, index files and archives for things, SQL table dumps, source for an
              NNTP ripper, etc.

              Remember also that depending on the rest of the server config, it may be
              sensitive to finding "index" (or "default") .html, .htm, .shtml, .htd,
              .htdl and others in a directory. This can become a can of worms if someone
              wanders into a directory.

              Once you allow someone to walk around your site, you're opening doors for
              people to find things that they may think they want. If they even _think_
              they want it, they will get it.


              Be careful out there... :)

              Mark
            • Jody
              Hi Mark, ... I understand all that, but *for me* everything I have on my site I have it there for people to get - I don t put anything on the web - even under
              Message 6 of 12 , Nov 16, 1999
              • 0 Attachment
                Hi Mark,

                >> I just had them turn it on for me *on* mine, but not allow to
                >> get to my parent folder.
                >
                > YIKES! :)

                > Once you allow someone to walk around your site, you're opening
                > doors for people to find things that they may think they want.
                > If they even _think_ they want it, they will get it.
                >
                >
                > Be careful out there... :)

                I understand all that, but *for me* everything I have on my site
                I have it there for people to get - I don't put anything on the
                web - even under a password protected area - that I would not
                want them to have. (Not that I have one - use to use Gatekeeper
                for fun, but took it down.)

                Happy HTML'n!
                Jody

                http://www.sureword.com/notetab

                The NoteTab and Html List...
                mailto:Ntb-html-Subscribe@...
                mailto:Ntb-html-UnSubscribe@...
              • Marco Bernardini
                ... Remember also to add to your root directory the file robots.txt to disallow private directories: if you write the file secrets.html I guess you don t
                Message 7 of 12 , Nov 17, 1999
                • 0 Attachment
                  >From: chrispye@...
                  >Subject: [NH] members' only area
                  >I want to create a 'members' only' page on my website

                  >From: "Grey Cat" <greycat@...>
                  >easier solution is to just give the name of the page to those who are
                  >allowed on it. i.e. wanttoknow.com/secrets.html

                  >From: Jody <KJB1611@...>
                  >You need to go cgi or the like for good security.

                  >From: Mark Pulver <mpulver@...>
                  >You should bring it up to your site admin or tech support folks and have
                  >them configure the server to not allow directory browsing.

                  Remember also to add to your root directory the file "robots.txt" to
                  disallow private directories: if you write the file "secrets.html" I guess
                  you don't like a link on AltaVista... even if the file is password protected.

                  To avoid directory browsing it's enough to put into it an index.html file
                  pointing elsewhere with a META redirection. BTW, the file "default.htm" is
                  a standard only on NT servers...

                  If your provider use Apache you can do a lot of interesting things with a
                  directory: for example, you can hide some files from browsing, leaving
                  visible other files.

                  I suggest you to download Apache server (it runs even on Win95!).
                  You can run it locally at the address http://localhost (there is a way to
                  add local web addressess, but it's out of topic here) and you can
                  experience everything you need *before* to put online your stuff, even CGI,
                  counters and so on.
                  I use it to "teach Internet" without the need of a modem.

                  Another solution can be a FileMaker 4.x server: the database can track
                  users and passwords, giving a very personal access to visitors, and there
                  is no need of CGI. Moreover, the same file can be used on Win and Mac.

                  Hope this helps!

                  Bye

                  Marco Bernardini
                  webmaster at
                  http://www.taggiasca.com
                  unofficial personal page:
                  http://marco.giorgiobernardini.com
                Your message has been successfully submitted and would be delivered to recipients shortly.