[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Password Protect Utility

Subject: Re: [cobalt-users] Password Protect Utility
From: Diana Brake <diana@xxxxxxxxxxxxx>
Date: Wed Jun 6 11:08:04 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 08:15 PM 6/6/01, you wrote:

Can anyone recommend a secure, easy to use script that we can install on RaQ
2, 3, and 4 servers that allows customers to password protect the web enabled
directory the script is located in/running from?

We dont want to be doing this manually all the time and wondered if there is
something out there that the user can upload and run to do this themselves.
Of course it needs to be totally web secure and allow them to re-access it
and make changes, additions, deletions.

Thanks for the help!

George Gates
NY Web Doctor



Hi George

I use a script that was originally called access3.cgi.

The most likely place to get a copy is here:
http://www.io.spaceports.com/~wysardry/cgi/secure.htm

I have this set up for a client...(usage of the script is for one userIDfor each protected directory because there is no facility in this scriptfor adding more than one user to your htpasswd file) ...But with care, oneuser can use this script to password protect multiple directories withseparate users and passwords...Just be very careful to define the pathsproperly.Also, this script can be given to multiple vhosts for one user at eachsite...(*blushing since that was probably pretty obvious).


Caveats:

1. The script places both the .htaccess and .htpasswd files in theprotected directory. There is no function to allow placement of the.htpasswd elsewhere...(as the script is now written)2. if your permissions on the cgi-bin are too open...anyone can use thescript to lock someone out of any part of the website they can find thereis a directory for...including the /web. The script has no way to know ifthe proper user is using it.I set cgi-bin permission pretty tight...made sure cgi-bin and script wereowned by the siteadmin for that vhost, and then password protected thecgi-bin directory from http access so that only the siteadmin can get toit, AND placed a blank index.html file in the cgi-bin..(server wide I havedirectory browsing turned off too). The script will only protectdirectories owned by the script owner too...at least that's they way itworks on my machine with the permissions I have set.

You might wish to change the name of the script just so curious lookylooswon't try to guess that it is in your cgi-bin...*grin...do a search onGoogle for access3.cgi and see how may cgi-bins appear to be exposed.


HTH,
Diana
Crest Communications, Inc.		diana@xxxxxxxxxxxxx
Beautiful Sunny Florida		http://crestcommunications.com/
352-495-9359, 425-732-9785 fax

Follow-Ups:
- Re: [cobalt-users] Question on Password Protect Utility
  - From: Jorge Ceballos

References:
- [cobalt-users] Password Protect Utility
  - From: NYWebDoctor

Prev by Date: [cobalt-users] Raq3 with RunAway swatch
Next by Date: [cobalt-users] Cannot connect to Raq3 GUI Administration from outside intranet
Previous by thread: Re: [cobalt-users] Password Protect Utility
Next by thread: Re: [cobalt-users] Question on Password Protect Utility

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index