Gossamer Forum
Home : Products : Links 2.0 : Discussions :

Cannot Password Protect ADMIN Dir

Quote Reply
Cannot Password Protect ADMIN Dir
Just received this reply from my ISP regarding not being able to password-protect my /admin directory.

==================================
Dear Mr. Bradford,

Sorry to take so long to get back to you. I had to do some research in some documents about the apache server and cgi stuff. What I have discovered is that:

1. to allow everyone to have their own cgi scripts in their own home cgi-bin directories, and still have sufficient security on the system, PE.net is using a package called CGIwrap. Using this package, you cannot password protect a single user's script, because the authentication logic already happens before you get to that point. Thus, you must either password protect everyone's scripts (ugh), or no one's.

2. You may be able to achieve the same effect by having some code at the top of your script send the same http protocol messages that the server sends to protect a document. I'll need to experiment with this approach a little bit to see if its viable. Will get
back to you with what I find out.

3. You also may be able to get there by pointing your browser to a very short .html file which simply redirects to a URL which is a CGI script. You then should be able to password protect the html file. I'll experiment with this approach also, and let you know what I find out.

Sorry to have to be the one to bring you bad news...
===============================

Anyone have an easy work-around for this problem???

Thank you,

- Clint Bradford
Quote Reply
Re: Cannot Password Protect ADMIN Dir In reply to
Download and install the PASSWORD ADMIN MOD in the LINKS MODIFICATION FORUM. Search the LINKS MODIFICATION FORUM for PASSWORD ADMIN MOD. It was written by widgetz.

Regards,

------------------
Eliot Lee....
Former Handle: Eliot
* Check Resource Center
* Search Forums
Quote Reply
Re: Cannot Password Protect ADMIN Dir In reply to
Not to be a prick, but I read that lengthy thread where the admin password mod was posted. No one came back and said, "It works!"

There were problems with corrupting a .db file (and widegtz's reply of "I could care less about that .db file), and other vague promises of releasing a Links v2-compliant mods file sometime in the future.

Since this issue directly affects those of us who use ISPs that use CGIwrap, I hope that it can be addresses with an "official" release from Gossamer Threads!

Whatever the cost - Links has proven to be a "winner" with my visitors.

Clint Bradford
Quote Reply
Re: Cannot Password Protect ADMIN Dir In reply to
The hostility and profanity is not necessary. And if you have complaints about the script, I would advise you to contact Alex directly. I am only trying to help you by pointing modifications that may help you.

Best of luck!

Regards,

------------------
Eliot Lee....
Former Handle: Eliot
* Check Resource Center
* Search Forums
Quote Reply
Re: Cannot Password Protect ADMIN Dir In reply to
>>...The hostility and profanity is not necessary...

There was no hostility intended...and I should have said, "Don't mean to be argumentative," I guess.

I am a fan of Links...my site's visitors appreciate it, too.

I just do not think that I am the only one whose ISP isn't allowing password protection of some sub-directories, and thought that this should be higher up on Gossamer Threads' list of improvements for future releases.

>>...if you have complaints about the script...

I lack the programming ability to recognize the shortcomings of any of this...I just read the thread that was recommended to me, and see that no one is 100% behind it. And it was Links v1.x-specific, too - not Links v2.x.

I'll keep watching here for suggestions, and sincerely appreciate this support forum.

- Clint Bradford
Quote Reply
Re: Cannot Password Protect ADMIN Dir In reply to
 
Quote:
improvements for future releases.

There are no projected future releases for LINKS 2.0. Gossamer Threads is consumed with enhancing LINKS SQL and DBMAN SQL. It has been alluded before in these forums that there will not be any future releases of the flat file version of LINKS. Sorry...

And even with adding a "security" measure in the script, there is virtually NO way through Perl scripts to protect directory contents. Even if you protect the admin.cgi and you do not have directory protection set-up through your server, I can still access your account and access your senstitive files, like the email.db and sell it to marketing companies...not to say that I would do that...but it is possible.

So, therefore, it is NOT a problem with LINKS, but with your hosting company. My suggestion is that if you are concerned about security and your hosting company will not provide directory protection, is that you switch hosting companies that offer secure data storage.

Regards,

------------------
Eliot Lee....
Former Handle: Eliot
* Check Resource Center
* Search Forums