passwords in the source?

J

jp2code

I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.

I'd like to password protect these files so that if someone happened to get
a link to it, they couldn't start passing it all around for anyone to read,
and I certainly wouldn't want the link to find its way into a Google search!

I've thought about creating a password string that I could hold in the <%
Code:
 %> portion of my .asp pages. Then, if someone tries to open a history
file, they are first prompted for a password. If it matches what is in the
<% [code] %> section, they get in.

I just feel like my password is left out in the clear if I include it as
part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an example
application somewhere, I'd be happy to see that link.
 
A

Anthony Jones

jp2code said:
I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.

I'd like to password protect these files so that if someone happened to get
a link to it, they couldn't start passing it all around for anyone to read,
and I certainly wouldn't want the link to find its way into a Google search!

I've thought about creating a password string that I could hold in the <%
Code:
 %> portion of my .asp pages. Then, if someone tries to open a history
file, they are first prompted for a password. If it matches what is in the
<% [code] %> section, they get in.

I just feel like my password is left out in the clear if I include it as
part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an example
application somewhere, I'd be happy to see that link.
[/QUOTE]


Is this your server or is the site hosted by a third party?

On your own server it would be a simple matter of just turning off anonymous
access and turning on Windows Integrated security.
 
E

Evertjan.

jp2code wrote on 16 okt 2007 in microsoft.public.inetserver.asp.general:
I've got some files that are not very sensitive. Mostly history files
from email sessions using our contact forms.

I'd like to password protect these files so that if someone happened
to get a link to it, they couldn't start passing it all around for
anyone to read, and I certainly wouldn't want the link to find its way
into a Google search!

I've thought about creating a password string that I could hold in the
<%
Code:
 %> portion of my .asp pages. Then, if someone tries to open
a history file, they are first prompted for a password. If it matches
what is in the <% [code] %> section, they get in.

I just feel like my password is left out in the clear if I include it
as part of the asp code.

Is this way ok, or bad?

Is there a better way?

What is a good, simple way to implement this? If someone knows of an
example application somewhere, I'd be happy to see that link.[/QUOTE]


<META NAME="robots" CONTENT="noindex,nofollow">
<body>
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'> password<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>

You are in!
</body>
 
J

jp2code

I modified your code just a little, but that worked great!

Special thanks for the meta tag! I never would have thought to look there.

Thanks a lot!
 
A

Adrienne Boswell

I modified your code just a little, but that worked great!

Special thanks for the meta tag! I never would have thought to look
there.

You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:

<a href="http://www.example.com" rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>

Google and Slurp follow the above directive as well as robots.txt and
meta.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top