Preserved Topic: First post. First question. (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21206" title="Pages that link to Preserved Topic: First post. First question. (Page 1 of 1)" rel="nofollow" >Preserved Topic: First post. First question. <span class="small">(Page 1 of 1)</span>\$

bms2k Obsessive-Compulsive (I) Inmate From: sampa, Brazil Insane since: Dec 2001	posted 12-08-2001 02:15 Hello folks! Well, I'll skip any introductions an go for my question, if you don't mind... =) I'm writing a perl script to check for username and password for certain pages on my site. I'm using a flat file to store the usernames and passes. How can I chmod this file so people can't view/access/download/edit/etc?
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 12-08-2001 04:16 You can't really make it untouchable since it needs to be owned and accessed by the web user (usually "nobody") however you can prevent most of this by putting it out of your htdocs folder and accessing it by it's absolute server path. You should also be able to encrypt the file so that anyone browsing it would be illegible. Don't know how to do it with perl but with php it's really easy. :[ Computers let you make more mistakes faster than any other invention in human history, with the possible exceptions of handguns and tequila. ]: [This message has been edited by bitdamaged (edited 12-08-2001).]
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 12-08-2001 09:50 You can also use Apache's built-in authentication... More information: http://www.bignosebird.com/apache/a10.shtml http://www.kelv.net/programming/htaccess/
bms2k Obsessive-Compulsive (I) Inmate From: sampa, Brazil Insane since: Dec 2001	posted 12-09-2001 03:55 Thanx guys! I think I'll try the first solution as I want to have a small html form for login. Well, thanx anyway Mr. Max!
bms2k Obsessive-Compulsive (I) Inmate From: sampa, Brazil Insane since: Dec 2001	posted 12-13-2001 02:44 Ok. I looked on some papers about unix permissions, but I can't set a text file permission so that people viewing my page won't be able to see/view this textfile. Is there a way to make it work?
Pugzly Paranoid (IV) Inmate From: 127.0.0.1 Insane since: Apr 2000	posted 12-13-2001 04:32 Your best bet is still to put it above the root folder (as bitdamaged mentioned). Users can't browse above that. Then it doesn't matter what permissions are on the file. The other option is to use .htaccess file(s). You can still use an HTML form for login, but it will display the username and password in plain text as part of the URL. An example can be seen at Asylum Try "asylum" for the username and "gimmepills" as the password When you get in, check the URL. edit: fixed the URL [This message has been edited by Pugzly (edited 12-13-2001).]

Preserved Topic: First post. First question. (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21206" title="Pages that link to Preserved Topic: First post. First question. (Page 1 of 1)" rel="nofollow" >Preserved Topic: First post. First question. <span class="small">(Page 1 of 1)</span>\$

bms2k
Obsessive-Compulsive (I) Inmate

From: sampa, Brazil
Insane since: Dec 2001

posted 12-08-2001 02:15

Hello folks!
Well, I'll skip any introductions an go for my question, if you don't mind... =)

I'm writing a perl script to check for username and password for certain pages on my site. I'm using a flat file to store the usernames and passes. How can I chmod this file so people can't view/access/download/edit/etc?

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 12-08-2001 04:16

You can't really make it untouchable since it needs to be owned and accessed by the web user (usually "nobody") however you can prevent most of this by putting it out of your htdocs folder and accessing it by it's absolute server path.

You should also be able to encrypt the file so that anyone browsing it would be illegible.

Don't know how to do it with perl but with php it's really easy.

:[ Computers let you make more mistakes faster than any other invention in human history, with the possible exceptions of handguns and tequila. ]:

[This message has been edited by bitdamaged (edited 12-08-2001).]

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 12-08-2001 09:50

You can also use Apache's built-in authentication... More information:

http://www.bignosebird.com/apache/a10.shtml
http://www.kelv.net/programming/htaccess/

bms2k
Obsessive-Compulsive (I) Inmate

From: sampa, Brazil
Insane since: Dec 2001

posted 12-09-2001 03:55

Thanx guys! I think I'll try the first solution as I want to have a small html form for login. Well, thanx anyway Mr. Max!

bms2k
Obsessive-Compulsive (I) Inmate

From: sampa, Brazil
Insane since: Dec 2001

posted 12-13-2001 02:44

Ok. I looked on some papers about unix permissions, but I can't set a text file permission so that people viewing my page won't be able to see/view this textfile. Is there a way to make it work?

Pugzly
Paranoid (IV) Inmate

From: 127.0.0.1
Insane since: Apr 2000

posted 12-13-2001 04:32

Your best bet is still to put it above the root folder (as bitdamaged mentioned). Users can't browse above that. Then it doesn't matter what permissions are on the file.

The other option is to use .htaccess file(s). You can still use an HTML form for login, but it will display the username and password in plain text as part of the URL. An example can be seen at Asylum

Try "asylum" for the username and "gimmepills" as the password

When you get in, check the URL.

edit: fixed the URL

[This message has been edited by Pugzly (edited 12-13-2001).]