Need to create secure page on site.

A

Ancientone.....

Good afternoon.
I just discovered that google has a crawler that will actually go inside an
acrobat document and read the data! I need to developt a secure page or
area, where folks will have to actually "Do something" to get inside. (e.g.
a database holding passwords, some sort of keyed access only entry.)
the site is http://www.w8usa.org and the area is under the club library
area.
Do any of you folks have suggestions on how I can keep the data safe?
Thank you all for reading this.
Enjoy your weekend

R Ranta
"The years teach much which the days never knew"
Ralph Waldo Emerson
 
N

Nicholas Savalas - http://savalas.tv

Dear AncientOne,
As your content is already accessible to anonymous visitors, I'm not
exactly sure how far you wanna take your security scheme. Do you just
wanna keep Google out? Try changing the robots.txt file in your website
root (which I see that you do not have -
http://www.w8usa.org/robots.txt - you have to have one - that is just
webmastering 101). Here's a sample robots.txt file:

User-agent: *
Disallow: /

User-agent: Roverbot
Disallow: /

Just copy the above, paste into notepad, and upload to your server with
the name robots.txt. The example that I have given you will prevent
search engine spiders from indexing your web site at all. That may not
be good. Every folder that you want to be protected should be included
in the list above. I am almost certain that is not what you had in
mind. Plus, that trick never works, Bullwinkle. If there is any
direct html link to your page club_Library.htm - and I see that there
isn't (search engine spiders cannot read where your flash nav bar is
pointing, by the way)- a lot of spiders will index your page anyway. I
am not talking about a direct link to your page just on YOUR website, I
mean there can be no direct link to the library page anywhere on the
Internet.
The rest of this article assumes that you are hosted on a
Windows--based server, or at least one that can handle .asp extensions
on web pages. If you're not, ask your hosting company about upgrading
you to that service, or, if they do not offer it, give some strong
consideration to moving your website to one that does. Data driven
sites are far, far, superior in capabilities to straight html pages.
You can customize the user experience, provide information from remote
data sources, implement a powerful security schema, and so on. A whole
new world is going to open up to you. Let's continue.
Now, If you just want people to type in anything to get in (thereby
keeping the search engine spiders out), you can send an e-mail to every
one that you want to have access the username and password given below,
or create a login page with the username and password written right on
the page that they should enter. Here is how to do that. First,
create a new folder called library. Save
http://www.w8usa.org/club_Library.htm to the new folder and give it a
new name: http://www.w8usa.org/libary/library.asp - changing the file
name extension from htm to asp. will not make any difference, even
though FP will throw up a warning window. Do it anyway. Then, in HTML
view, erase all of the code on the page
http://www.w8usa.org/club_Library.htm , and replace it with :

<SCRIPT LANGUAGE="JavaScript">
window.location="http://www.w8usa.org/libary/index.asp";
// -->
</script>

I tell you to do this because that Flash menu bar that you've created
on the bottom of your page is hard coded to point to
http://www.w8usa.org/club_Library.htm - this way you will not have to
change that menu bar. Next, in the library folder, create a new page
called index.asp, and here's all the code that you need to put in that
page:

<%response.buffer=true%>
<%
response.redirect "login.asp"
%>

This will redirect visitors to your login page, and protect you from
nosy browsers. Now, let's create the login page. Here is the code for
that:

<%
Response.Expires = -1000
Response.Buffer = True
Session("UserLoggedIn") = ""
If Request.Form("login") = "true" Then
CheckLogin
Else
ShowLogin
End If
Sub ShowLogin
%>

<html>
<head>
<title>Please Login</title>
</head>
<body>
Please type in User Name: user - and Password: enter
<form action="login.asp" method="post">
User Name: <input name="username">
Password: <input type="password" name="userpwd">
<input type="hidden" name="login" value="true">
<input type="submit" value="Login">
</form>
</body>
</html>

<%
End Sub

Sub CheckLogin
If LCase(Request.Form("username")) = "user" And
LCase(Request.Form("userpwd")) = "enter" Then
Session("UserLoggedIn") = "true"
Response.Redirect "library.asp"
Else
Response.Write("User Name/Password entered is invalid. Please try
again.")
ShowLogin
End If
End Sub
%>

Remember to save this page as login.asp in the library folder. Now for
the easy part. You can create an entire subsection of your web in the
library folder, and every page will be protected as long as you add the
following code to the top of every page that you want to protect
(before the <html> tag):

<%
Response.Expires = -1000
Response.Buffer = True

If Session("UserLoggedIn") <> "true" Then
Response.Redirect("http://www.w8usa.org/libary/login.asp")
End If
%>

If the visitor has not logged in, they will be redirected back to the
login page. That's it. If, on the other hand, you would like to have
a database login system that forces the user to register, to use a real
e-mail address, allows them to set their own username and password,
and so on, a complete application for that can be found at:
http://aspalliance.com/178 - good luck, AncientOne.
 
A

Ancientone.....

Wow, I think you've covered just about anything I might want to try! I
remember the robot.txt thing, but its been so long ago. Our site is hosted
on a server running windows 2000. This host has been great to us. But
saying that, we've voted to move us to Yahoo!'s small business program.
The idea behind this whole security thing is that while if somebody want's
to find something about you, they can, I don't want to serve up that
information too easily.
Yes, the user code and password thing is what I was thinking of, but I'll
give the robot.txt routine a try right now.
Fortunety, I'm right in the middle of re-designing the site, from front page
up. So I do have a little more freedom to change things around.
Thanks for your untiring effort!

Richard Ranta ( a.k.a. ancientone, because a teenybopper thinks anything
over 25 is ancient!)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top