Gossamer Forum
Home : Products : Links 2.0 : Discussions :

6 hours later and still no password protection ...

Quote Reply
6 hours later and still no password protection ...
Hi,

I've been looking through the threads here in earnest hoping someone would have figured out how to solve this problem, but as yet haven't seen a solution.

I have link set up and working, only I'm aware of how vulnerable the admin.cgi script is. So, here's the story so far ...

Added .htacces and .htpasswd files to cgi-bin folder where admin.cgi, etc. lives. Worked fine but, and there is a but, it turns off access to my ad serving scripts in the same folder, so got password protection, but no ads.

Thought about it, moved the 'links' scripts to a sub-folder of cgi-bin (further down the tree) and set-to to update the script locations to accomodate the moved. After several hours I realised this was not an easy job, so reverted to original setup minus the .ht* files.

Had a second thought and moved my ad serving scripts to sub-folder (much easier to update than re-writing 'links'), and after several attempts finally got all the path names updated and ads working.

Added .ht* files into main top-level cgi-bin folder and damn me it recursively passwords the whole cgi-bin tree so knocks out my ads.

Any idea's?


All the best
Shaun

------------------
Quote Reply
Re: 6 hours later and still no password protection ... In reply to
1. add .htaccess to your admin dir.
2. put your advert scripts in your cgi-bin dir.

.htaccess will protect the dir that it is located in and any sub dir's.
Quote Reply
Re: 6 hours later and still no password protection ... In reply to
I already have the admin directory protected, its the *admin.cgi* script I want to protect in cgi-bin (I can only run scripts from cgi-bin nowhere else!)

I also run other cgi-bin scripts so .ht* files stop the use of all of them unless I move the 'links' scripts further down the tree by creating a subdirectory in cgi-bin - unfortunately this invalidates all the references the script makes to the admin/data directory.

Manually editing the script and adding ../ infront of the references works for some of the admin.cgi functions, but not for others.

I also run WebAdverts and that has a handy 'login' introduction before you start using the main functions of the script - would that be possible for admin.cgi (and is that what all the threads are about for v3.0?)

All the best
Shaun
Quote Reply
Re: 6 hours later and still no password protection ... In reply to
I don't understand why .htaccess is not the solution you are looking for.

jabberjaw's suggestion was right on. Just move your webadverts script to its own directory underneath the /cgi-bin/, like the following:

/cgi-bin/adverts/

.htaccess is more secure than cgi generated password protection. Why wouldn't you want to use it?

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: 6 hours later and still no password protection ... In reply to
I've already tried that!! and in doing so it blocks all access to the ADS' scripts so they don't work (I now understand .htaccess to be recursive in its protection)

OK, let me try and explain it better:

/cgi-local/xx/ - Main CGI directory
/cgi-local/xx/ads - Ad Server Scripts
/cgi-local/xx/lp - Other Scripts

Adding .htaccess to /cgi-local/xx stops the ads and lp scripts from working

Moved the 'links' admin scripts to:

/cgi-local/xx/adm

Didn't work because all the file references went askew. I tried to update links.cfg which worked in part, but still gave errors as some parts of the scripts are located in:

/xx/admin

and using ../../ references only worked in some cases and it got rather confusing trying to direct the scripts to the required directories for their files, etc.

Does that help to explain it a bit better, or an I just confusing everyone?

What I originally want to find out was how I could move the admin scripts to a lower part of the cgi-local tree and still keep all the correct file references, thus allowing me to add .htaccess without switching everything else off.

The problem I encountered was that in moving the scripts further down the cgi-local tree, on updating links.cfg to reflect the changes in directory locations it simply work and threw up all sort of errors.

I'm trying again today, I'll either make it work or give up in frustration, but I'll give it my best shot Smile
Quote Reply
Re: 6 hours later and still no password protection ... In reply to
You need to password protect the admin directory ONLY.

Like the following:

/cgi-bin/ - NO .htaccess
/cgi-bin/links/admin - .htaccess
/cgi-bin/adverts/ - NO .htaccess

Does this make better sense? I sure hope so.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: 6 hours later and still no password protection ... In reply to
Hi Eliot,

Its does make sense and guess what? I tried again today after having a break from the scripts and - IT'S WORKING Smile

Apologies to those who were screaming IT DOES WORK at me, I was obviously in a confused, frustrated and tired state, but then we all have days like that now and again!

[This message has been edited by qango (edited January 14, 2000).]
Quote Reply
Re: 6 hours later and still no password protection ... In reply to
Good...glad you finally got it.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------