Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Page 1 of 2 1 2 LastLast
Results 1 to 10 of 19
  1. #1
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    Hi,

    My client would like me to create a secure download page on his site that is password protected. He wants his IT guy to be able to change the password on a regular basis. He wants total control over the clients ability to access this stuff.

    Here is his idea on how to approach it:
    He wants to be able to send an email to his clients that has a link that directs the clients to this password protected area. However, he wants it such that when the client clicks on the link he gains access to the area without having to type in a password. (in otherwords the password in embedded in the email). However, if someone goes directly to the site, not throuhg my client's email, that person could not gain access without typing in the proper username and password. I think he wants to do this because that way he is never actually giving anyone the actual password.

    What do you think about his idea? Would it work and be secure? If so, do you have any idea on how to pull it off?

    If you don't like his idea, do you have any ideas that may work better?

    Thanks
    MaFunk

  2.  

  3. #2
    Junior Member
    Join Date
    Oct 2003
    Posts
    5
    Member #
    3457
    Pretty much like porn sites, IMO. You could try to search some porn resource sites but sorry, I don't know any .

  4. #3
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    Pretty much like porn sites, IMO. You could try to search some porn resource sites but sorry, I don't know any
    hmmm - This is an electronics company . I would rather not peruse porn sites to find a solution. Perhaps I will keep looking. Thanks.

  5. #4
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    I looked around the net and can't seem to find a script to do what I mentioned above. My client is insistent that I do it. I told him that it wouldn't be very secure, and he said, "I don't see how it will be any less secure. . . This doesn't have to be Fort KNox. . . I just don't want it available to the general public." I tried to reccomend some options that I thought were more appropriate, but he wouldn't go for it.

    I know how to password protect files and areas, but I don't know how to password protect a file, then to send someone a link to that file in email such that the person clicking on the link can access the file without typing in the password. Can anyone help me? I can't find the answer on the net,. .

  6. #5
    WDF Staff Wired's Avatar
    Join Date
    Apr 2003
    Posts
    7,657
    Member #
    1234
    Liked
    137 times
    Ultimately the link you send would have to have the name and password embedded in it, thereby eliminating the need to send the link for "security" anyway. However, with a site that people login to, with a cookie, someone can click on the link and use it, as the cookie auto-logs someone in. It's like when you're permanently logged into a message board like WDF. You get an email about a thread, and you reply to it without having to login or anything, because the cookie's done it for you.
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com

  7. #6
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    There will only be one page on the site that will be password protected. That page will have downloads to product specs, which the clients wants potential customers to be able to download ONLY when given access. He wants to change the password frequently.
    He does not want the client to EVER actually type in the password themselves. Rather he wants them just to click on a link in their email to get to the page.

    How would I do this?
    I know that step one is to created a password protected area. And step two? To create a cookie? But what if they've never logged in to begin with?

    Sorry to be so dense. Can you explain further?

  8. #7
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    Still, I think the way you want to isn't a good way..What's wrong with an ordinary login form where you can login yourself?
    I agree. Problem is I have a stubborn client and he will not go for any other solution.

  9. #8
    Senior Member splufdaddy's Avatar
    Join Date
    Feb 2003
    Location
    Boston, MA
    Posts
    4,488
    Member #
    735
    Does he know a lot about computers/the internet? Your his technology guy, tell him what he wants to do is not possible. Break it down into non-computer terms: he wants to create a password protected area that people can access, while never sending out a password! If you want to protect an area, people accessing the site need to prove that they should be accessing it. One way to make this guy happy may be to send out the emails in HTML format, and while the url appears to be www.HisSite.com, it's really usernameassword@hissite.com (or whatever the proper syntax for that is). Downside to that though: not everyone can or wants to recieve HTML email.

  10. #9
    Senior Member mafunk's Avatar
    Join Date
    Sep 2003
    Posts
    115
    Member #
    3277
    One way to make this guy happy may be to send out the emails in HTML format, and while the url appears to be www.HisSite.com, it's really usernameassword@hissite.com (or whatever the proper syntax for that is). Downside to that though: not everyone can or wants to recieve HTML email.
    '

    Hmmm. . . that could work. Trying to get this guy to change his mind is like trying to move mountains - just ain't gonna happen. But your solutions sounds alot easier than having to do a MD5 hash AND then having to create a user friendly admin interface to manage the hash and mailing lists (which is what one person reccomended to me).

    Do you have an idea about where I can find the actual sytax that for
    usernameassword@hissite.com
    ?

    Thanks for the idea.
    MaFunk

  11. #10
    WDF Staff Wired's Avatar
    Join Date
    Apr 2003
    Posts
    7,657
    Member #
    1234
    Liked
    137 times
    As I said earlier, that's still a redundant idea. It may give the appearance of security, but it won't prevent anyone that's not authorized from getting in, even if the password is md5, as they can just send the hash.
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com


Page 1 of 2 1 2 LastLast

Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 03:38 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com