Gossamer Forum
Home : Products : Links 2.0 : Installation -- Windows :

Protecting Admin!!

Quote Reply
Protecting Admin!!
Hi

I wonder if anyone out there can help? I have managed to get Links up and running and all is well other than the fact that my server administration staff do not appear to be able to password protect the admin directory. I am running on an NT server and I have placed the following files in the following locations and asked them to set the permissions accordingly:-

That all the .cgi files are set to:

chmod 755
IUSR/MACHINENAME: Read,Execute
IWAM/MACHINENAME: Read, Execute
Everyone: Read, Execute
Admin: Read, Write, Execute

The following directories contain .cgi files:-

localhost/cgi-bin/links
/add.cgi
/jump.cgi
/modify.cgi
/rate.cgi
/search.cgi
/subscribe.cgi

localhost/cgi-bin/links/admin
/admin.cgi
/nph-build.cgi
/nph-email.cgi
/nph-verify.cgi

That all of the files in the following directories;
localhost/cgi-bin/links/admin/data
localhost/cgi-bin/links/admin/templates
localhost/cgi-bin/links/admin/data/links.db.bak
are set to:-

chmod 666
IUSR/MACHINENAME: Read, Write
IWAM/MACHINENAME: Read, Write
Everyone: Read, Write

That the following directories;
localhost/links/pages
localhost/cgi-bin/links/admin/data/hits
localhost/cgi-bin/links/admin/data/rates
localhost/cgi-bin/links/admin/backup
are set to:-

chmod 777
IUSR/MACINENAME: Read, Write, Execute
IWAM/MACHINENAME: Read, Write, Execute
Everyone: Read, Write, Execute


They can successfully password protect the directory but that seems to alter all the permissions and hence the script won't work. I know very little about NT but I am sure that this should not be such a major problem, they seem to be at a total loss which is even more frustrating as I have actually paid for this service. If anybody can help it really would be appreciated! For instance can I restructure the files/locations or alter the permissions? and if so would this make a difference?

thanks in advance as always
Paul

By the way, they say they do not support .htaccess!

Struggling! But getting there (I think?)
Quote Reply
Re: Protecting Admin!! In reply to
Right...htaccess is for UNIX servers, not Windows servers. I would recommend trying the CGI scripts linked in the Password Protection Thread in the Links 2.0 Installation-UNIX.

Your best bet is to use a third party CGI script that will "password protect" your ADMIN scripts. I would highly recommend putting the .db files in a NON-WEB folder and then set-up a virtual directory to connect to that folder.

Your other option is to use DBMAN as the back-end data management script and do away with the admin.cgi script.

Good luck!

Regards,

Eliot Lee
Quote Reply
Re: Protecting Admin!! In reply to
Many thanks Elliot!

Believe it or not my host now tells me they can password protect the directory(?). We shall see!

regards
Paul

Struggling! But getting there (I think?)
Quote Reply
Re: Protecting Admin!! In reply to
If they are going to use Basic Plain Text Authentication, then keep in mind that it is not a very "secure" method. You can password "protect" directories if you have physical access to the server or if you have remote access via Windows Explorer. But the authentication methods are a bit risky...more so than using a third party software application that uses some level of encryption.

Regards,

Eliot Lee
Quote Reply
Re: Protecting Admin!! In reply to
Thanks Elliot, I'll bear that in mind!

Struggling! But getting there (I think?)
Quote Reply
Re: Protecting Admin!! In reply to
Hi

I have the same problem of Trying. Links works fine in my server, but if I protect the admin directory, some files (jump.pl, add.pl, etc.) have errors, because they do not find the file admin/links.cfg.

that I can do?
Thanks.



Pipolin
Si alguien quiere un grupo en espaņol en este foro, que mire esta url:
http://www.gossamer-threads.com/perl/forum/showflat.pl?Cat=&Board=GosDisc&Number=124267&page=0&view= collapsed&sb=5

Gracias.

Quote Reply
Re: Protecting Admin!! In reply to
I had a protracted conversation with Mr. Alex and friends on this very topic about a year and a half ago. If you've got a half-hour to kill, go read this interesting thread:

http://gossamer-threads.com/...mp;part=all&vc=1

I finally gave up on trying to convince him to password protect Links like every other program in the world. What we (us) ended up doing is just renaming the ADMIN.CGI file to something else when we're not using it. That way someone can't get into the admin function and screw with things, except when we're online doing the same, if you know what I mean. It's worked so far.

We just signed on with ReadyHosting.com. One of the main reasons is they've figured out how to password protect WinNT subdirectories, hopefully without the use of 'child' webs or sub webs. We'll see how it works out and I'll post the results here later.

Quote Reply
"There Are No Athiests In Fox Holes" In reply to
TEST SUCCESSFUL!

-------------------------
Snap Head's Homepage
http://www.lenon.com