Gossamer Forum
Home : Products : Gossamer Links : Pre Sales :

Protect Dirs?!

Quote Reply
Protect Dirs?!
In my modify-only-with-password-mod i proofe id and password and only if they exist a link could be modified.
Now i think about protecting a dir with this way; so only if a user gives in the right id and password he will get a list with the "secret" urls. No prob so far; but with this every one could bookmark the given links, and no more identification is needed.
The next step could be to give back a dynamic frameset or dynamic site, but thatīs not a practical way for my project, cause in the "secret" area, there are some other cgis like forum and so on and i cant programm these tools for completely new.

So the best way could be a .htaccess (with auth_db) to get the ID and pass directly from my links-db.
But this wonīt help me, too.

So im looking for a way to protect a DIR, that only could be entered if the referrer is right, but without a cgi between. Has someone an idea, how to do? At the apache.org i cant find something about the .htaccess to do this?

But i think this would be really a great thing, isnīt it?
Maybe there are some special mods for the apache to ask for the referrer before let the people in.
So i will be the next hours at CPAN :-(


Quote Reply
Re: Protect Dirs?! In reply to
You could use .htaccess and "pass" the password and username into the .htpasswd file using crypt for the password field. I have done this for one of my scripts...however, I have not been able to pass modified passwords to the .htpasswd file.



Quote Reply
Re: Protect Dirs?! In reply to
Yes and No;
if i would use a normal .htaccess with mod_auth; the user needs entering data two times
and i must edit an .htpassword or use auth_db_mod to get data directly from links_db.

The better (and really cool) way is to build a new apache with a custom mod named referer_access_mod
With this you could do in a very easy way:

no access without referer
no access for all referers
access for referees from www.gagaga.com

So many people have build things to protect grafix or sites (javascript for aksing for frames,
dynamic-pages, cgis) but with this everything is possible and very, very easy to do.

Never more, someone could steal images or your site inaother frameset.
Im really happy about that :-)