Page 1 of 1

secure members area blocked by one password

Posted: Tue Aug 26, 2008 10:01 am
by iknowu99
I would like to create members only area. No unique username/passwords are required. Just one password, where when members sign up i can send them this pass and they can login. I am currently using only html and office frontpage for the website.

i realize this might have members passing the password to others, this is something i wouldnt be too happy about, perhaps you peoples have a solution?

Re: secure members area blocked by one password

Posted: Wed Aug 27, 2008 12:14 am
by califdon
iknowu99 wrote:I would like to create members only area. No unique username/passwords are required. Just one password, where when members sign up i can send them this pass and they can login. I am currently using only html and office frontpage for the website.

i realize this might have members passing the password to others, this is something i wouldnt be too happy about, perhaps you peoples have a solution?
You have 2 choices: you can let everyone have the same password (easy to do, you can even do it with a simple .htaccess file, if it's an Apache server, but has the disadvantage you recognize), or maintain an individual password system (requires maintenance for new or lapsed members, but gives you better control, including barring troublesome users). You can either do it with an .htaccess file that refers to a .passwd file (which has to be maintained) or with PHP and a small database. Your choice between the 2 is up to you. The number of potential members and how frequently you get new members or drop old ones should factor into your decision.

Re: secure members area blocked by one password

Posted: Wed Aug 27, 2008 1:42 am
by Mordred
If you want to sacrifice security so much (as to have a single password for many users), you can do it with with even lower tech -- a simple javascript:
User enters the "password" in an input field, you redirect them to "password".html, and if they typed it wrong they get no cigar. The .js can be as smart as to check if "password".html exists as well.

Just don't write the check like
if (password=="123456") window.location('secret.html')

I've seen such things once too often in the past...

Take care never to link to the secret url though, or the bots will crawl it, and then it's game over.

If it's really really secret data, you'd better listen to califdon, .htaccess is more secure, plus it can easily be extended to support multiple accounts.

Re: secure members area blocked by one password

Posted: Thu Aug 28, 2008 10:02 am
by iknowu99
thanks peoples!


right now it's ridiculous because i use the mordred's method of "password" .html
and i want to switch quick!

i would like to apply the .htaccess and i am fine having one password that califdon describes.

i really dont know what this .htaccess file does and how it works.

right now i have a html site that was created in frontpage. how to create this .htaccess file password system?

Re: secure members area blocked by one password

Posted: Thu Aug 28, 2008 10:12 am
by jayshields

Re: secure members area blocked by one password

Posted: Tue Sep 02, 2008 1:21 pm
by iknowu99
i learned i need to put the password in that file as well as block bad bots - http://www.javascriptkit.com/howto/htaccess13.shtml

what i also am trying to understand is in robots.txt file i can disallow robots to go to specific webpages...but if i mention them in robots.txt file....then the malicious users will know exactly where to look for the information without getting the members pass??

i'm hosting with yahoo small business >> will i be able to use the .htaccess at all?? where does one learn more?