|
 |
asp_database_setup thread: How do I password a site?
Message #1 by "Mike" <mg188@c...> on Thu, 15 Aug 2002 00:25:02 -0700
|
|
I want to have people enter a password to enter my home page. I thought of
trying it this way:
Doorway.html has instructions and a link to asp page 1.
The visitor enters the password on asp page 1 which is submitted to asp page
2.
Asp page 2 checks the password and if ok redirects to the home page.
I tested this on my standalone machine at home, but haven't put it on the
webhost yet.
How secure is this? I'm not guarding the Hope diamond or anything, but it'd
be nice to have a little security at this stage. Is there an easier, less
awkward way?
Thanks
Message #2 by "Drew, Ron" <RDrew@B...> on Thu, 15 Aug 2002 07:50:49 -0400
|
|
If this is just a single signon password for all special users, you
can...
.............1. On the doorway.html..........................
<SCRIPT LANGUAGE=3D"javascript">
<!-- Begin
var newwindow =3D null;
function LinkForm(){
newwindow =3D window.open('../gatekeeper.htm', 'theKeeper',
'width=3D350,height=3D200,resizable=3D1');
}
//--End -->
</script>
</HEAD>
<BODY onload=3D"LinkForm()">
............2. Gatekeeper.htm would...............................
<html><head>
<script src=3D"../scripts/password.js"></script>
</head>
<BODY onLoad=3D"top.window.focus()">
<TABLE BORDER=3D0 CELLPADDING=3D0 CELLSPACING=3D0 WIDTH=3D350>
<TR>
<TD background=3D"../../images/keeper.gif" WIDTH=3D200 height=3D200
rowspan=3D2>
<TD WIDTH=3D120 ALIGN=3DLEFT VALIGN=3DMIDDLE>
<FONT FACE=3D"ARIAL" SIZE=3D2><B>Hold on. You'll need a password to
get
in here.</font>
<br><BR><font color=3Dred>Enter Password</B></FONT><BR>
<FORM NAME=3D"testform">
<INPUT TYPE=3D"password" NAME=3D"inputbox" VALUE=3D"" size=3D15>
<INPUT TYPE=3D"button" NAME=3D"button" value=3D"Submit"
onClick=3D"goForit(this.form)" size=3D15>
</FORM></TD></tr></TABLE></body></html>
.............3. Notice the actual script to test the password is in
another directory (password.js)...
Password.js looks like this....
<!-- Begin
function goForit() {
var location;
var password;
password=3Dthis.document.testform.inputbox.value;
password=3Dpassword.toLowerCase();
if (password=3D=3D"inv") {
location=3D"invoicemenu.htm";
fetch(location);
theKeeper=3Dwindow.close();
}
else if (password=3D=3D"pay") {
location=3D"../../payment/data/payment.htm";
fetch(location);
theKeeper=3Dwindow.close();
}
else {
alert("Password Invalid");
location=3D"../../homepages/future.htm";
theKeeper=3Dwindow.close();
fetch(location);
}
}
function fetch(location) {
var root;
if (opener.closed) {
root=3Dwindow.open('','theKeepersGopher','toolbar=3Dyes,location=3Dyes,st
atus=3D
yes,menubar=3Dyes,scrollbars=3Dyes,resizable=3Dyes,copyhistory=3Dno');
root.location.href =3D location;
} else {
opener.location.href =3D location;
}
}
// End -->
....good luck
Ron
-----Original Message-----
From: Mike [mailto:mg188@c...]
Sent: Thursday, August 15, 2002 3:25 AM
To: ASP Database Setup
Subject: [asp_database_setup] How do I password a site?
I want to have people enter a password to enter my home page. I thought
of trying it this way:
Doorway.html has instructions and a link to asp page 1.
The visitor enters the password on asp page 1 which is submitted to asp
page 2. Asp page 2 checks the password and if ok redirects to the home
page.
I tested this on my standalone machine at home, but haven't put it on
the webhost yet.
How secure is this? I'm not guarding the Hope diamond or anything, but
it'd be nice to have a little security at this stage. Is there an
easier, less awkward way?
Thanks
%%email.unsub%%
Message #3 by "Mike" <mg188@c...> on Thu, 15 Aug 2002 09:47:59 -0700
|
|
Thanks Ron!
So it looks like the key is to keep the password.js script and the protected
pages in directories that are password-accessible only.
I like your idea of using multiple passwords to direct to different pages,
including one for invalid passwords.
Questions: - what is 'theKeepersGopher'? Also, what does "copyhistory=no"
mean?
Thanks again.
----- Original Message -----
From: "Drew, Ron" <RDrew@B...>
To: "ASP Database Setup" <asp_database_setup@p...>
Sent: Thursday, August 15, 2002 4:50 AM
Subject: [asp_database_setup] RE: How do I password a site?
> If this is just a single signon password for all special users, you
> can...
> .............1. On the doorway.html..........................
> <SCRIPT LANGUAGE="javascript">
> <!-- Begin
> var newwindow = null;
> function LinkForm(){
> newwindow = window.open('../gatekeeper.htm', 'theKeeper',
> 'width=350,height=200,resizable=1');
> }
> file://--End -->
> </script>
>
> </HEAD>
> <BODY onload="LinkForm()">
> ............2. Gatekeeper.htm would...............................
> <html><head>
> <script src="../scripts/password.js"></script>
> </head>
> <BODY onLoad="top.window.focus()">
> <TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=350>
> <TR>
> <TD background="../../images/keeper.gif" WIDTH=200 height=200
> rowspan=2>
> <TD WIDTH=120 ALIGN=LEFT VALIGN=MIDDLE>
> <FONT FACE="ARIAL" SIZE=2><B>Hold on. You'll need a password to get
> in here.</font>
> <br><BR><font color=red>Enter Password</B></FONT><BR>
> <FORM NAME="testform">
> <INPUT TYPE="password" NAME="inputbox" VALUE="" size=15>
> <INPUT TYPE="button" NAME="button" value="Submit"
> onClick="goForit(this.form)" size=15>
> </FORM></TD></tr></TABLE></body></html>
> .............3. Notice the actual script to test the password is in
> another directory (password.js)...
> Password.js looks like this....
> <!-- Begin
> function goForit() {
> var location;
> var password;
> password=this.document.testform.inputbox.value;
> password=password.toLowerCase();
> if (password=="inv")
> location="invoicemenu.htm";
> fetch(location);
> theKeeper=window.close();
> }
> else if (password=="pay")
> location="../../payment/data/payment.htm";
> fetch(location);
> theKeeper=window.close();
> }
> else {
> alert("Password Invalid");
> location="../../homepages/future.htm";
> theKeeper=window.close();
> fetch(location);
> }
> }
> function fetch(location) {
> var root;
> if (opener.closed) {
>
> root=window.open('','theKeepersGopher','toolbar=yes,location=yes,status
> yes,menubar=yes,scrollbars=yes,resizable=yes,copyhistory=no');
> root.location.href = location;
> } else {
> opener.location.href = location;
> }
> }
> // End -->
>
> ....good luck
> Ron
>
>
> -----Original Message-----
> From: Mike [mailto:mg188@c...]
> Sent: Thursday, August 15, 2002 3:25 AM
> To: ASP Database Setup
> Subject: [asp_database_setup] How do I password a site?
>
>
> I want to have people enter a password to enter my home page. I thought
> of trying it this way:
>
> Doorway.html has instructions and a link to asp page 1.
> The visitor enters the password on asp page 1 which is submitted to asp
> page 2. Asp page 2 checks the password and if ok redirects to the home
> page.
>
> I tested this on my standalone machine at home, but haven't put it on
> the webhost yet.
>
> How secure is this? I'm not guarding the Hope diamond or anything, but
> it'd be nice to have a little security at this stage. Is there an
> easier, less awkward way?
>
> Thanks
>
>
>
> %%email.unsub%%
>
>
%%email.unsub%%
>
>
>
Message #4 by "Drew, Ron" <RDrew@B...> on Thu, 15 Aug 2002 13:04:11 -0400
|
|
The "theKeepersGopher" is just a name I gave the window...you can call
it anything you want.
copyhistory=3Dno does not allow for the history navigation such as
history.go(-1) to go back one URL
-----Original Message-----
From: Mike [mailto:mg188@c...]
Sent: Thursday, August 15, 2002 12:48 PM
To: ASP Database Setup
Subject: [asp_database_setup] RE: How do I password a site?
Thanks Ron!
So it looks like the key is to keep the password.js script and the
protected pages in directories that are password-accessible only.
I like your idea of using multiple passwords to direct to different
pages, including one for invalid passwords.
Questions: - what is 'theKeepersGopher'? Also, what does
"copyhistory=3Dno" mean?
Thanks again.
----- Original Message -----
From: "Drew, Ron" <RDrew@B...>
To: "ASP Database Setup" <asp_database_setup@p...>
Sent: Thursday, August 15, 2002 4:50 AM
Subject: [asp_database_setup] RE: How do I password a site?
> If this is just a single signon password for all special users, you
> can... .............1. On the doorway.html..........................
> <SCRIPT LANGUAGE=3D"javascript">
> <!-- Begin
> var newwindow =3D null;
> function LinkForm(){
> newwindow =3D window.open('../gatekeeper.htm', 'theKeeper',
> 'width=3D350,height=3D200,resizable=3D1');
> }
> file://--End -->
> </script>
>
> </HEAD>
> <BODY onload=3D"LinkForm()">
> ............2. Gatekeeper.htm would...............................
> <html><head>
> <script src=3D"../scripts/password.js"></script>
> </head>
> <BODY onLoad=3D"top.window.focus()">
> <TABLE BORDER=3D0 CELLPADDING=3D0 CELLSPACING=3D0 WIDTH=3D350>
> <TR>
> <TD background=3D"../../images/keeper.gif" WIDTH=3D200 height=3D200
> rowspan=3D2>
> <TD WIDTH=3D120 ALIGN=3DLEFT VALIGN=3DMIDDLE>
> <FONT FACE=3D"ARIAL" SIZE=3D2><B>Hold on. You'll need a password
to
> get in here.</font>
> <br><BR><font color=3Dred>Enter Password</B></FONT><BR>
> <FORM NAME=3D"testform">
> <INPUT TYPE=3D"password" NAME=3D"inputbox" VALUE=3D""
size=3D15>
> <INPUT TYPE=3D"button" NAME=3D"button" value=3D"Submit"
> onClick=3D"goForit(this.form)" size=3D15>
> </FORM></TD></tr></TABLE></body></html>
> .............3. Notice the actual script to test the password is in
> another directory (password.js)... Password.js looks like this....
> <!-- Begin
> function goForit() {
> var location;
> var password;
> password=3Dthis.document.testform.inputbox.value;
> password=3Dpassword.toLowerCase();
> if (password=3D=3D"inv")
> location=3D"invoicemenu.htm";
> fetch(location);
> theKeeper=3Dwindow.close();
> }
> else if (password=3D=3D"pay")
> location=3D"../../payment/data/payment.htm";
> fetch(location);
> theKeeper=3Dwindow.close();
> }
> else {
> alert("Password Invalid"); location=3D"../../homepages/future.htm";
> theKeeper=3Dwindow.close();
> fetch(location);
> }
> }
> function fetch(location) {
> var root;
> if (opener.closed) {
>
>
root=3Dwindow.open('','theKeepersGopher','toolbar=3Dyes,location=3Dyes,st
atu
> s=3D
> yes,menubar=3Dyes,scrollbars=3Dyes,resizable=3Dyes,copyhistory=3Dno');
> root.location.href =3D location;
> } else {
> opener.location.href =3D location;
> }
> }
> // End -->
>
> ....good luck
> Ron
>
>
> -----Original Message-----
> From: Mike [mailto:mg188@c...]
> Sent: Thursday, August 15, 2002 3:25 AM
> To: ASP Database Setup
> Subject: [asp_database_setup] How do I password a site?
>
>
> I want to have people enter a password to enter my home page. I
> thought of trying it this way:
>
> Doorway.html has instructions and a link to asp page 1.
> The visitor enters the password on asp page 1 which is submitted to
> asp page 2. Asp page 2 checks the password and if ok redirects to the
> home page.
>
> I tested this on my standalone machine at home, but haven't put it on
> the webhost yet.
>
> How secure is this? I'm not guarding the Hope diamond or anything,
> but it'd be nice to have a little security at this stage. Is there an
> easier, less awkward way?
>
> Thanks
>
>
>
> RDrew@B... To unsubscribe send a blank email to %%email.unsub%%
>
> ---
> Change your mail options at http://p2p.wrox.com/manager.asp or to
> unsubscribe send a blank email to
>
%%email.unsub%%
>
> ---
> Change your mail options at http://p2p.wrox.com/manager.asp or to
> unsubscribe send a blank email to
>
>
%%email.unsub%%
|
|
|
View Cart
