
Password-protection System



Here is a link to an easy solution for those that just want a password-protected "Members Only" area of their site. It requires less than what aMember Free membership software offers, and the best part of all.......it's FREE! Installation is pretty straightforward if you READ the readme.txt file that's bundled with the zip download. I had it up and running in less than 2 minutes. Check out the website for more info.

 

www.Locked-Area.com


There should be a way to protect that file through chmod, but I don't have time to test it completely.... Anyone else that plays around with this app that could post back any findings would be appreciated.


I got the db list also, but only after I logged in and the script validated me as an authorized user. I'm not too up on password protection, but since the password is encrypted, would this be considered a serious security issue or not?

I got the db list also, but only after I logged in and the script validated me as an authorized user.  I'm not too up on password protection, but since the password is encrypted, would this be considered a serious security issue or not?

It appears that my members.db file is not in the protected area...

 

I installed LockedArea to the dir /lockedarea.

The area to be locked is in dir /mylockedarea.

The members.db file is located in /lockedarea, which is not locked :)

 

So, yes, provided that you specify the members.db location is within the locked area, then you should be nice and secure...until the member is logged in. Then with the specific file name, all members would be able to see the other members' profiles.

 

Charlotte, I wasn't really concerned with the encrypted password, but rather names and email addresses being unprotected from just any ol' bot or hacker or list finder that happened by. As a member, I'd be leery of joining a site that couldn't protect my email address.


I guess it would then depend upon where you store it. If I remember correctly, in the installation process, you can specify what directory you want the database file stored. Maybe I'll try this later on tonight (unless someone else wants to). It would stand to reason that if the database was stored in some other directory (root for example) that is not publicly available, then the contents would NOT be visible simply by entering a url in a web browser.

 

Again, I'm not that strong in this department, so by all means correct me if my thinking is off-base.


Steve, you're right on. It does give you the opportunity to enter the path of the db. Surely this can be made more secure just through using correct path options. I just wanted people to be aware that the default locations (as pre-filled by LockedArea) are at risk.

 

Post back here if you get any definitive suggestion for future users as to where the db file should be created. I'll try to tinker with some possibilities soon too.


FYI... I reinstalled Locked_Area and put the members.db in an area that should not be accessible to anyone except for the people who have access to cpanel:

 

/home/username/dbsafe/members.db.

 

I think this may solve the question of email addresses being available. Someone else may want to hack away and let me know if my thinking is on line.

 

BTW...it works just fine installed like that, too!

FYI... I reinstalled Locked_Area and put the members.db in an area that should not be accessible to anyone except for the people who have access to cpanel:

 

/home/username/dbsafe/members.db.

 

I think this may solve the question of email addresses being available. Someone else may want to hack away and let me know if my thinking is on line.

It's only safe from web browsers.

 

Anyone running PHP, or CGI, or shell scripts on the same server as you can read it.

 

Web passwords only stop web browsers. They aren't good for security on shared hosts.

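The two exposures raised in this thread (a members.db that sits under the web root, and one that other accounts on a shared host can read) can be checked mechanically. The following is an added example, not code from LockedArea or from any poster; the function name, finding labels and directory layout are constructed for illustration, and only the immediate parent directory's permissions are inspected.

```python
import os
import stat
import tempfile


def audit_db_location(db_path, docroot):
    """Return findings for a flat-file member database (hypothetical helper)."""
    findings = []
    db = os.path.realpath(db_path)
    root = os.path.realpath(docroot)
    # Exposure 1: a file under the document root can be requested by URL.
    if os.path.commonpath([db, root]) == root:
        findings.append("web-exposed")
    # Exposure 2: other local accounts can open the file if it has the
    # other-read bit and its directory has the other-execute bit.
    # (Higher ancestor directories matter too; not checked here.)
    file_mode = stat.S_IMODE(os.stat(db).st_mode)
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(db)).st_mode)
    if file_mode & stat.S_IROTH and dir_mode & stat.S_IXOTH:
        findings.append("readable-by-other-local-users")
    return findings


def demo():
    """Build a constructed account layout in a temp dir and audit it."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "public_html")
    cases = [
        ("default", "public_html/lockedarea", 0o644),  # next to the script
        ("moved", "dbsafe", 0o644),                    # outside the web root
        ("moved+chmod600", "dbsafe600", 0o600),        # outside, owner-only
    ]
    results = {}
    for label, rel, file_mode in cases:
        directory = os.path.join(base, rel)
        os.makedirs(directory, exist_ok=True)
        os.chmod(directory, 0o755)
        db = os.path.join(directory, "members.db")
        with open(db, "w") as fh:
            fh.write("constructed sample row\n")
        os.chmod(db, file_mode)
        results[label] = audit_db_location(db, docroot)
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "no findings")
```

Whether an owner-only mode is workable depends on which user the CGI script runs as on the host; if it runs as the shared web server user rather than the account owner, the script itself loses access.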

Thanks, idallen. More food for tho't. I guess it's just another way of keeping honest people honest.

 

As I said before, I'm not totally up on these types of issues (but I'm learning quickly!).

 

Thanks again!

  • 1 year later...

:) I use SmartFTP. It's uploading setup.cgi file as BINARY. Does anyone know how to change this in SmartFTP?

 

EDIT: I looked at the SmartFTP FAQ files. I found the answer. So, never mind!

Edited by malesims