eruheru Posted March 16, 2006 Posted March 16, 2006 hey all, im making a website on freewebs that only certain people are allowed to access, how can i password protect the site?
RyanJ Posted March 16, 2006 Posted March 16, 2006 hey all' date=' im making a website on freewebs that only certain people are allowed to access, how can i password protect the site?[/quote'] .htaccess maybe? Its the best solution I can think of unless your looking for a user register & login system. Cheers, Ryan Jones
NeonBlack Posted March 16, 2006 Posted March 16, 2006 .htaccess maybe? Can you do that on freewebs? I'm pretty sure that there's no php on freewebs either, so I'm guessing that the best you can do is a JS or flash password protection.
ecoli Posted March 16, 2006 Posted March 16, 2006 why bother... what are the chances of people randomly stumbling on your site, anyway. And if you don't give out the URL to wrong people than you shouldn't have a problem.
RyanJ Posted March 16, 2006 Posted March 16, 2006 Can you do that on freewebs?I'm pretty sure that there's no php on freewebs either' date=' so I'm guessing that the best you can do is a JS or flash password protection.[/quote'] I'm not shure but ecoli makes a good point, give the link onlyto the people you want to see it and don't post the link on the internet so the bots can't pick it up. That should do the trick. If freewebs don't allow .htaccess and or PHP I suggest you find yourself a better host. Cheers, Ryan Jones
eruheru Posted March 16, 2006 Author Posted March 16, 2006 Can you do that on freewebs?I'm pretty sure that there's no php on freewebs either' date=' so I'm guessing that the best you can do is a JS or flash password protection.[/quote'] how would you do it with JS?
eruheru Posted March 16, 2006 Author Posted March 16, 2006 i think ill change from freewebs. what do you suggest?
RyanJ Posted March 16, 2006 Posted March 16, 2006 how would you do it with JS? Client Side codes do not work because they can be dispbled, you need something server side. Cheers, Ryan Jones
Dak Posted March 16, 2006 Posted March 16, 2006 iirc, freewebs offers some server-side gubbins, but i can't remember which, and it might be limited to server-side includes. i remember seing something about password-protecting folders in the FAQ section on the freeweb account page, so the answre should be there.
eruheru Posted March 16, 2006 Author Posted March 16, 2006 iirc' date=' freewebs offers some server-side gubbins, but i can't remember which, and it might be limited to server-side includes. i remember seing something about password-protecting folders in the FAQ section on the freeweb account page, so the answre should be there.[/quote'] you need a premium account for that, and i dont want to pay for it.
NeonBlack Posted March 16, 2006 Posted March 16, 2006 You really need to consider these things: 1. What are you protecting? 2. Whom are you protecting it from? 3. What level of protection do you want/need?
Nezumi Posted March 16, 2006 Posted March 16, 2006 I liked creating password screen with macromedia flash.
RyanJ Posted March 17, 2006 Posted March 17, 2006 I liked creating password screen with macromedia flash. Like I said there is one major dissadvantage with using client side files, they can be downloadd and the password grabbed from the file. ALWAYS use server side code where possble. Cheers, Ryan Jones
Klaynos Posted March 17, 2006 Posted March 17, 2006 Also lots of people don't have flash. And that is VERY heavy way of creating a password protected thing...
the tree Posted March 17, 2006 Posted March 17, 2006 heh, Freewebs will do password protection for free anyways.
5614 Posted March 17, 2006 Posted March 17, 2006 It's actually quite hard to get a password from a .swf file. I'm not saying we can't do it, but remember that it's not obvious to the average person. Also this is only a personal website, if he only gives out the URL to specific people... it's like what NeonBlack said: What protecting? From who? How much security do you want? Klaynos; what do you mean it is a "heavy" way of creating a password? RyanJ; I don't use freewebs, but from what I've read here I'm getting the idea that they don't allow server side scripts/code, so whilst what you say is a good general security point, it is not so applicable/useful here. Unless they do allow server side scripts...
Klaynos Posted March 17, 2006 Posted March 17, 2006 System intencive for the user and bandwidth intencive for the server. Compared to a simple .htaccess... Most free hosts I've come accross alow limited use. Althouth I cannot comment explicetly.
padren Posted March 18, 2006 Posted March 18, 2006 You could probably code some sort of one-way encryption into a flash file, and embed the hash. Then, a person types the password, it encrypts it, and compares what they typed to the hash that is stored in the flash file. Its not ideal, as someone can download it, crack it open, and run a brute force challange of 00000000000000000000... through 11111111111111111111... on their own computer until they find the hash that matches to steal your password. A funky way would to use the hash, then name the targetted file you want to hide <that_hash>.htm instead of storing the correct hash in the flash, you link to the page, and it does a 404 error when wrong. Once someone gets through once, they could pass the link to anyone of course. If you trust the people you want to see it, just call it OpenSesame.htm and no one will be able to find it if they don't type in the exact link - no password protection.
CanadaAotS Posted March 18, 2006 Posted March 18, 2006 Ok, so at this point I'm sure were all just curious. What are you putting on a freeweb site that you would need to have password protected?
RyanJ Posted March 18, 2006 Posted March 18, 2006 RyanJ; I don't use freewebs' date=' but from what I've read here I'm getting the idea that they don't allow server side scripts/code, so whilst what you say is a good general security point, it is not so applicable/useful here. Unless they do allow server side scripts...[/quote'] No I know which is why they are useless as a host. If the person can see the code it can be easily broken, thing like JS and flash are no good for exactly the reason which I was trying to make Cheers, Ryan Jones
5614 Posted March 18, 2006 Posted March 18, 2006 If I had a .swf file and I want to see the code in it then what would I do? Convert it to .fla ? How? Because I've never found a proper working .swf to .fla converter. And I second what CanadaAotS said... what is it you wanna protect?!?
RyanJ Posted March 18, 2006 Posted March 18, 2006 If I had a .swf file and I want to see the code in it then what would I do? Convert it to .fla ? How? Because I've never found a proper working .swf to .fla converter. Probably the best way would be hard code the internal password with an MD5 encription and then do that for the input check - even if they download the file they will not get the access password Cheers, Ryan Jones
padren Posted March 18, 2006 Posted March 18, 2006 Probably the best way would be hard code the internal password with an MD5 encription and then do that for the input check - even if they download the file they will not get the access password Cheers' date=' Ryan Jones[/quote'] but they could brute force a text string in a loop until they found the matching md5 hash result that is embedded in the swf. Also, if you embed the password, do you embed the content? What does the flash show you when the password is correct? You really should go with .htaccess if you want to protect files. Try to google for "free web hosting" + password + ".htaccess" or something, when you compare the time it takes to write a "quasi" functional client-side system vs. the time to find a decent free host that allows server side password protection, I think you'll find its better to go the server side route.
RyanJ Posted March 18, 2006 Posted March 18, 2006 but they could brute force a text string in a loop until they found the matching md5 hash result that is embedded in the swf. Also' date=' if you embed the password, do you embed the content? What does the flash show you when the password is correct? [/quote'] Put it this way brute force and a password whos length over 6 characters encoded just does not work. Show... it does not have to show anything, all it needs to do is some sort of coded redirect. Cheers, Ryan Jones
padren Posted March 18, 2006 Posted March 18, 2006 Put it this way brute force and a password whos length over 6 characters encoded just does not work. Show... it does not have to show anything' date=' all it needs to do is some sort of coded redirect. Cheers, Ryan Jones[/quote'] http://www.securiteam.com/tools/5WP031FA0U.html You could md5 the redirection URL too, but one the person saw the new URL they got redirected to, they could bypass the password system after that point. You may as well hand out the redirection URL to people instead of the password.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now