code help to password protect a html page

bittihuduga

Hi
I have a html page with details of email ids and phone numbers
I dont this page to be visible to public visiting the page

is it any way i can password protect this html page?
i dont know any programming, so any copy paste code will help.

please suggest

Tom Dunne

There are so many ways to do this.

What is the web server setup? What platform is being used?

bittihuduga

the server is up on netfirms.com
i dont know anything more
it can take php, some cgi/perl too

Cantab.

.htaccess is simple and straigtforward

Loads of tutorials on the internet

Be careful when generating passwords using online password generators -- some sites are dodgy! Look for .edu domains (better still, generate your own passwords).

Sam Vimes

here's a simple way of doing it where you'll only have to copy and paste:

create a file called pass.htm and put this code in it:

<html>
	<body>
		<form action=pass.php method=post>
			<input type=text name=pass>Password<br>
			<input type=submit value=submit>
		</form>
	</body>
</html>

then in the same folder, create a file called pass.php and put this code in it:

<?php

$password="whateveryouwant";


$postPass=$_POST['pass'];
$getPass=$_GET['pass'];


if(strcmp($postPass,$password)==0 || strcmp($getPass,$password)==0)
{
	print <<<END
	this is the list<br>
	that you want to print<br>
	if the password <Br>
	is right<br>
	
END;
}
else
{
	print "wrong password";
}
?>

on the line $password="whateveryouwant";, change whateveryouwant to the password you want

and in this bit:
print <<<END
this is the list<br>
that you want to print<br>
if the password <Br>
is right<br>

END;

replace the text with your list


and that should be it. go to the pass.htm page and you'll be asked for a password. If you put the right one in you'll get the list and if you put the wrong one you'll get a "wrong password" message.

very basic but it'll do the job

bittihuduga

sam..
great help mate..
thanks a lot
the code works like a gem..
i am really happy

Cantab.

bittihuduga wrote: »

sam..
great help mate..
thanks a lot
the code works like a gem..
i am really happy

Be careful though!

Whilst that code is grand, be aware that it could be easily cracked with a bit of packet sniffing, by other users on your server, or by brute force.

Only you can decide how important your data is and what level of security is required to protect this data in a proportional manner.

Sam Vimes

Cantab. wrote: »

Be careful though!

Whilst that code is grand, be aware that it could be easily cracked with a bit of packet sniffing, by other users on your server, or by brute force.

Only you can decide how important your data is and what level of security is required to protect this data in a proportional manner.

this is true, it's not very secure. if you want i could make it so each user has their own user name and three wrong attempts would block the account until you manually re-actiavate it. would that be practical for what you want?

carthach

bittihuduga wrote: »

Hi
I have a html page with details of email ids and phone numbers
I dont this page to be visible to public visiting the page

is it any way i can password protect this html page?
i dont know any programming, so any copy paste code will help.

please suggest

If you're using Apache:-

http://httpd.apache.org/docs/1.3/howto/auth.html#basic

might be a bit more robust

FruitLover

Sam Vimes wrote: »

this is true, it's not very secure. if you want i could make it so each user has their own user name and three wrong attempts would block the account until you manually re-actiavate it. would that be practical for what you want?

That's not fixing the problem that Cantab has pointed out though. The best way to secure this would be to use TLS to encrypt the session; if this isn't possible, you'd want to get the server to calculate a random number to be sent as a nonce, then use javascript on the client side to hash the entered password with the nonce, then send the hash. The server would then compare its copy of the password (hashed with nonce). It's by no means flawless, but it'll protect against casual sniffing.

The Apache solution posted above suffers from the same problem of the password being sent in clear text.

Talliesin

carthach wrote: »

If you're using Apache:-

http://httpd.apache.org/docs/1.3/howto/auth.html#basic

might be a bit more robust

Unless it's over SSL the passwords are still sent in the clear. With http://httpd.apache.org/docs/1.3/howto/auth.html#digest then the password isn't sent in the clear but used for a cryptographic challenge-response. Also, the password need not be stored either (since the key to the challenge is a hash of the username, password and realm).

Basic's only worth using these days (that digest is so often supported) if you're programming it by hand (since it's a bit simpler than digest) and it's only used over SSL (so it's safe).