Jump to content

protecting a freeweb

eruheru

By eruheru
in Computer Science

 Share

Recommended Posts

RyanJ

RyanJ

Posted
Posted
hey all' date='

im making a website on freewebs that only certain people are allowed to access, how can i password protect the site?[/quote']

 

.htaccess maybe? Its the best solution I can think of unless your looking for a user register & login system.

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
RyanJ

RyanJ

Posted
Posted
Can you do that on freewebs?

I'm pretty sure that there's no php on freewebs either' date=' so I'm guessing that the best you can do is a JS or flash password protection.[/quote']

 

I'm not shure but ecoli makes a good point, give the link onlyto the people you want to see it and don't post the link on the internet so the bots can't pick it up. That should do the trick.

 

If freewebs don't allow .htaccess and or PHP I suggest you find yourself a better host.

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
eruheru

eruheru

Posted
  • Author
Posted
Can you do that on freewebs?

I'm pretty sure that there's no php on freewebs either' date=' so I'm guessing that the best you can do is a JS or flash password protection.[/quote']

how would you do it with JS?

Link to comment
Share on other sites
Dak

Dak

Posted
Posted

iirc, freewebs offers some server-side gubbins, but i can't remember which, and it might be limited to server-side includes.

 

i remember seing something about password-protecting folders in the FAQ section on the freeweb account page, so the answre should be there.

Link to comment
Share on other sites
eruheru

eruheru

Posted
  • Author
Posted
iirc' date=' freewebs offers some server-side gubbins, but i can't remember which, and it might be limited to server-side includes.

 

i remember seing something about password-protecting folders in the FAQ section on the freeweb account page, so the answre should be there.[/quote']

you need a premium account for that, and i dont want to pay for it.

Link to comment
Share on other sites
RyanJ

RyanJ

Posted
Posted
I liked creating password screen with macromedia flash.

 

Like I said there is one major dissadvantage with using client side files, they can be downloadd and the password grabbed from the file.

 

ALWAYS use server side code where possble.

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
5614

5614

Posted
Posted

It's actually quite hard to get a password from a .swf file. I'm not saying we can't do it, but remember that it's not obvious to the average person.

 

Also this is only a personal website, if he only gives out the URL to specific people... it's like what NeonBlack said: What protecting? From who? How much security do you want?

 

Klaynos; what do you mean it is a "heavy" way of creating a password?

 

RyanJ; I don't use freewebs, but from what I've read here I'm getting the idea that they don't allow server side scripts/code, so whilst what you say is a good general security point, it is not so applicable/useful here. Unless they do allow server side scripts...

Link to comment
Share on other sites
padren

padren

Posted
Posted

You could probably code some sort of one-way encryption into a flash file, and embed the hash. Then, a person types the password, it encrypts it, and compares what they typed to the hash that is stored in the flash file.

 

Its not ideal, as someone can download it, crack it open, and run a brute force challange of 00000000000000000000... through 11111111111111111111... on their own computer until they find the hash that matches to steal your password.

 

A funky way would to use the hash, then name the targetted file you want to hide <that_hash>.htm

 

instead of storing the correct hash in the flash, you link to the page, and it does a 404 error when wrong. Once someone gets through once, they could pass the link to anyone of course.

 

If you trust the people you want to see it, just call it OpenSesame.htm and no one will be able to find it if they don't type in the exact link - no password protection.

Link to comment
Share on other sites
RyanJ

RyanJ

Posted
Posted

RyanJ; I don't use freewebs' date=' but from what I've read here I'm getting the idea that they don't allow server side scripts/code, so whilst what you say is a good general security point, it is not so applicable/useful here. Unless they do allow server side scripts...[/quote']

 

No I know which is why they are useless as a host. If the person can see the code it can be easily broken, thing like JS and flash are no good for exactly the reason which I was trying to make :)

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
5614

5614

Posted
Posted

If I had a .swf file and I want to see the code in it then what would I do? Convert it to .fla ? How? Because I've never found a proper working .swf to .fla converter.

 

And I second what CanadaAotS said... what is it you wanna protect?!?

Link to comment
Share on other sites
RyanJ

RyanJ

Posted
Posted
If I had a .swf file and I want to see the code in it then what would I do? Convert it to .fla ? How? Because I've never found a proper working .swf to .fla converter.

 

Probably the best way would be hard code the internal password with an MD5 encription and then do that for the input check - even if they download the file they will not get the access password :)

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
padren

padren

Posted
Posted
Probably the best way would be hard code the internal password with an MD5 encription and then do that for the input check - even if they download the file they will not get the access password :)

 

Cheers' date='

 

Ryan Jones[/quote']

 

but they could brute force a text string in a loop until they found the matching md5 hash result that is embedded in the swf. Also, if you embed the password, do you embed the content?

What does the flash show you when the password is correct?

 

You really should go with .htaccess if you want to protect files.

 

Try to google for "free web hosting" + password + ".htaccess" or something, when you compare the time it takes to write a "quasi" functional client-side system vs. the time to find a decent free host that allows server side password protection, I think you'll find its better to go the server side route.

Link to comment
Share on other sites
RyanJ

RyanJ

Posted
Posted
but they could brute force a text string in a loop until they found the matching md5 hash result that is embedded in the swf. Also' date=' if you embed the password, do you embed the content?

What does the flash show you when the password is correct? [/quote']

 

Put it this way brute force and a password whos length over 6 characters encoded just does not work.

 

Show... it does not have to show anything, all it needs to do is some sort of coded redirect.

 

Cheers,

 

Ryan Jones

Link to comment
Share on other sites
padren

padren

Posted
Posted
Put it this way brute force and a password whos length over 6 characters encoded just does not work.

 

Show... it does not have to show anything' date=' all it needs to do is some sort of coded redirect.

 

Cheers,

 

Ryan Jones[/quote']

 

http://www.securiteam.com/tools/5WP031FA0U.html

 

You could md5 the redirection URL too, but one the person saw the new URL they got redirected to, they could bypass the password system after that point.

You may as well hand out the redirection URL to people instead of the password.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.