HTML - Directory Security
hi, im creating a script where users will be able to upload files to my site from a form, i was wondering if i could stop files from being executed from the upload directory because if a user desides to upload a harmfull php file them execute it on the site, well it would be bad.
so, can i do this by setting the directory permissions (chmodd) to 444, only allowing reading? thanks! Similar TutorialsI am working with a new client and am trying to access their admin area on the ecommerce site. I think I found the correct directory but am not able to get past a directory security pop up that asks for login information. Of course the client does not have this. I have FTP access and am trying to figure out if I can get around this pop up and finally get to the admin login. There is a .htaccess file with the following contents: PHP Code: #AuthType Basic #AuthName "OS Commerce Administration" #AuthUserFile "/home/lucid/.htpasswds/catalog/admin/passwd" #require valid-user I've removed this file completely and I still get that pop up. Can someone help. Please. Sorry I am not sure if this is the right forum but i have a qestion: Hi I currently have a web application that presents a user with a username and password box (text boxes) - once the user registers their password is encrypted and stored in a database. My question is this - the password is sent from their machine to the server in plain text. Is there a simple way of encrypting the form without using javascript to make it more difficult for their password to be seen across the internet/network Also are there basic security issues i should look into or does any one have any resources/links that will help me make a secure site. PS the client may not have the .NET framework installed so no .NET solutions please Thanks and sorry for the general nature of the problem Dan. Hi, I have made a website for a friend and it has a guestbook. The problem is that someone makes lots of entries and link to sex sites and things like that. I guess mabye its a program somone made to do this, but its really annoying. Is there a common way of solving this problem? I have some ideas but dont know how to do it: 1: How can i check entries if they contain cirtain words, and if they do, not make that entry. 2: How can i make entries with a html link not enter in the guestbook? Or HTML code at all. Hope someone can help me out. Parashurama Hi guys, I need help with password protecting a specific area of my website. Easy?! Me thinks not. Here is the challenge... I need to create a popup box that appears when people navigate to a specific page of my website. No username, just a password to continue. HOWEVER!!! the page(s) can only use HTML due to browser restrictions. If anyone has a way of doing this then please let me know. If you need more information please ask. Ill try anything you throw at me and let you know if it works. Please also send a short detail of how to use whatever you send if it is slightly ambiguous to apply. Hope to hear from yous all soon!! P.S. The password cant be 'EMBEDDED' in the actual page itself, because to me that is not really defined as 'secure'. Its like having a post-it stuck to your credit card with you PIN number on it. Encryption is allowed and works in this specific browser. Hi, just wondering if there was any way of having a little password box without too much messing. Also without somebody being able to view the source and find out the password. I know some companies do this sort of thing but you have to pay for no ads. Preview: You just enter your password, click a 'Login' or 'Enter' button and away you go to another page. But if you get it wrong you just go to a 'Wrong Password' page. At this address: http://into.net23.net/ beyond the index page lies just one other file, an .html page, on that page is a string of characters. This is a website created to test security for a website at a different address, it is my hope to keep paid content there using this format, without using any genuine security. I have tried all i know to find the page, download the entire website. nothing has yielded this page yet. Can anyone find this page and tell me what this string of characters is please? Or is it genuinely secure? Hi Guys, I have created a basic secure login for members to my site. There is noting really secure on the members area but it started me thinking on what I can do in order to improve security. Does anyone have a set of steps they follow when creating a login using php and html pages? How do I stop people just going straight to the succesful login page and bypassing the login screen for example? Thanks all PLEASE SEE POST NUMBER THREE Original 1st Post: I need a form to ask three Security-like questions to the user, before directing them to a page where they may download stuff. i resently used the folowing site to create an email form, and would like to know whether there are any services that provide the Questions code http://www.emailmeform.com/?page=cphome is there any services like that one, or can anyone give my a code to solve the problem. is there something I can do to my site, which is giving people the security certificate errror page? TIA Hey, I'm new but I'll tell all of you right now that I've googled and searched all over this forum for a relatively simple problem. I built a website (http://www.kingklick.freehosting.net) which is essentially a fake front for my underground website. We use it to post data on how to get around the schools unfair internet security (Not just myspace either..) They block anything questionable. We tried proxies but they blocked those too. So far, I have it so that the hidden link goes to this page, http://www.kingklick.freehosting.net/coms.html were it asks for a password. I have it so the password is encrypted (PW: death) and the page it would go to is ...death.html - the password. If they see this, they could block it, so it auto-refreshes in 0.1 seconds to real.html which is the actual page. Real problem: When you type in the full URL, http://www.kingklick.freehosting.net/real.html it does not prompt you for the password, nor does it bring you to the password page, it bypasses it! The second problem is that once you type in the password and click enter, you can click the "Back" button on the web browser and the URL reads: http://kingklick.freehosting.net/com...assword2=death -With the password right in the URL!!! I need code to make the real.html prompt for the password every time you log in, and I want to somehow encode the URL so the password isn't displayed or recorded in history. - This is for a good cause. All of our browsing freedoms have been taken away. Not like normal either, we've been completely screwed and can only use educationally based websites. They block others that they haven't seen which really limits my ability to research and do work!!! The security of my informative site is incredibly important and everyones help will be returned in the utmost respect from everyone here at my High School. http://www.website.com/thisisapage/ ^Can somebody explain how to set up directories on my website as such. Because this seems to be saying that a directory is a file, even though I know that is not the case. Shouldn't all pages have an extension of some sort and does this have something to do with SSI or something? Hey all! I am having trouble figuring out how to fill a list with the names of the folders in a certain directory anyhelp would be great! EDIT: I need to figure out how to get all the folders names from "www.mysite.com/files/" and add them to a list in dreamweaver and what ever one i click on it loads all the files from that folder to another list... anyone got any direction i should go... I pretty clueless but am still googling info trying to catch something... Thanks! Hey I've got this issue with a website of mine even though my html link says /members/patrolroster.html once i am there (patrolroster.html) all other links from that (and all pages inside the /members directory for that matter) page via the nav menu get /members affixed onto them (eg, what should just be index.html turns into /members/index.html). My html says it should go to index.html but where is /members coming from? Im puzzled at why it affixes the directory the file is in onto all outgoing links. Take a look at the site if you like its, http://www.wyeriverslsc.asn.au/ Any help is appreciated, Tom Hi, I'm building a site for a dj record pool. I set up a paypal subscription button and ".htaccess, .htpasword, process_txns, paypal.pl" scripts on the site. I'm looking for a way to provide individual links for all mp3 downloads (10 gigs worth), without having to type in all song titles every week when new files are uploaded. Is this possible? Thanks I'm wanting to be able to look into a certain directory and pull whatever is in there and make it a link on the page so the person that is vewing it can pull up what is in that directory. All that is going to be in the directory is going to be documents, and I don't want to have to edit my html document every time there is a new file put into the directory. Is there a way to do this in HTML? The IT Industry in India is booming! Here is a great opportunity for you to sell your products and services to this industry which is rapidly expanding. Subscribe to India's most comprehensive Online IT Directory! Features: >> You will be able to search an IT Company (ies) >> Drill down to details like Address, Area, Pin, Phone, Fax, Email, Website, Year of Establishment, About the company. >> Product & Services offered by the company. >> Contact details of Top executives including Managing Director, President, CEO, CTO, CFO, HR Manager. etc. >> Continously updated and verified. >> Generate mailer labels by executive title. To subscribe logon to www.itdatahouse.com Regards The itdatahouse.com Team +91 80 23537776 ext 1 URL: http://www.itdatahouse.com I use a program (Guardian) to send me notifications when an error occurs on my site (404, 403 etc.) These notices contain the URL causing the error and the referring URL. Lately I have been getting numerous notifications with URLs to directories without index files (On a side note, these URLs also contain within them, urls to other sites. I assume this is some spammer technique and I am not too concerned about this in this post but if someone can shed some light on how/why they (the spammers) do this I would appreciate it.) My purpose in posting here is to find out about the use of index files in directories. I have read that this is a good idea, but I have yet to hear why except that in case someone navigates to the URL of the directory rather than the actual page URL, then they will not get a 403 error message, but this seems like a rather weak reason to me. Is there another reason? SEO reason? Technical reason? If I find good reason to do this, is it enough to just put a blank index file in each directory? If so why? What purpose does it serve (aside from thwarting the spammers doing what I described above.) Thanks in advance for your help. I have a folder/directory with lots of photos in it. I want visitors to be able to click a link and download the entire directory (rather than having to load every individual photo file). This way, they can copy to their own computer & perhaps burn a CD. I'm using <a href="http://mysite.com/images/CD_directory/"> but this is NOT working the way I want; it shows an INDEXING of all the photo files, and doesn't allow for clicking the Directory itself. How can I get around this & offer this Directory for download? Thanks! I need a directory chooser control on my webpage please suggest a solution ASAP.... <input type="file"/> this creates a file chooser the same way I need a directory chooser.... Any solution will do, be it Javascript or ActiveX. Prompt response would be highly appreciated Hi, I'm trying to create my very first webpage. I've got to the final step of uploading it to my host however when I visit the URL, rather then seeing the site I've put so much work into all I see is the following- Directory Listing Denied This Virtual Directory does not allow contents to be listed. This is how I made the site, designed and made on Macromedia FIreworks 8. I then proceeded to slice the page (it's only a single page) and exported as HTML & Images. I then opened the saved HTML file in Macromedia Dreamweaver and proceeded to correct the src parts to point where I uploaded them to my host. Now, once I'd done all that, I upload the saved HTML file to my main htdocs folder via FTP and it should work? But it doesn't, it simply displays the above error message. I'm pulling my hair out, would anybody be kind enough to have a look at my HTML file point out where I am going wrong? Thanks in advance. |