Pattern Format Problem

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
keith-f
-


Joined: 27 May 2003
Posts: 18
Location: North East England

PostPosted: Sun Aug 01, 2004 1:36 am    Post subject: Pattern Format Problem Reply with quote

I know this is probably a dopey question, and one that has heaps of previous answers, but I just cannot fathom out how to protect a members only area. I'm hosting a kids swimming club, and there's that many damned perv's out there everything has be as tight as a crabs @rse, or the authorities will close me down.

Anyway, How do I create the virtual path to read several extensions. I can block the *.html and *.jpg etc with seperate path names but is there a pattern format which allows/deny's ALL.

I may not be making this too clear, I need to allow/deny everthing within the members directory, not just specific *.html *.jpg etc.

The slightest clue would be most appreciated.

Best Wishes to All

A Well balanced diet is a beer in both hands!
_________________
Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!
Back to top View user's profile Send private message Send e-mail
iNaNimAtE
-


Joined: 05 Nov 2003
Posts: 2381
Location: Everywhere you're not.

PostPosted: Sun Aug 01, 2004 3:08 am    Post subject: Reply with quote

That's called "Access Control." In the console, you type the virtual directory you want to allow/deny.
_________________
Bienvenidos!
Back to top View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
keith-f
-


Joined: 27 May 2003
Posts: 18
Location: North East England

PostPosted: Sun Aug 01, 2004 4:05 pm    Post subject: Reply with quote

Yes, I have that bit, I did say I probably wasn't explaining things to clearly.

The Problem I have is that in the access control panel I define say, /members/*.html then that works fine. The server denies access to all but authorised. But, if someone calls /members/mypicture.jpg, access is granted without being tested.

I would have thought under the logic of using a wildcard then *.* would deny all but authorised but there are exeptions.

So far I've looked at using syntactical strings to block *.html ,*.jpg etc but it dosn't like it - unless I have the syntax wrong!

A Well balanced diet is a beer in both hands!
_________________
Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!
Back to top View user's profile Send private message Send e-mail
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Sun Aug 01, 2004 4:20 pm    Post subject: Reply with quote

The syntax for password protecting mypicture.jpg & all other jpeg's , you
should use the following example below , this will only protect the jpegs
in the members area , I hope this is what you want done , did this help ?

/members/*.jpg
Back to top View user's profile Send private message Visit poster's website
Stone-D
-


Joined: 09 Jan 2004
Posts: 90

PostPosted: Sun Aug 01, 2004 5:32 pm    Post subject: Reply with quote

This is something I've been meaning to look up myself.

If I wanted to protect everything in a directory AND everything in each subdirectory recursively, would :

/db/*

suffice? Or would I need something like :

/db/*/*/*/*/*/* etc?
_________________
--
Look, no SIG!
Back to top View user's profile Send private message
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Sun Aug 01, 2004 5:38 pm    Post subject: Reply with quote

You would just need /db , now wasn't that simple !
Back to top View user's profile Send private message Visit poster's website
keith-f
-


Joined: 27 May 2003
Posts: 18
Location: North East England

PostPosted: Sun Aug 01, 2004 6:20 pm    Post subject: Reply with quote

Where does the db bit come into it? or is that just an example.

So what your saying is to protect EVERYTHING in my members directory I would use the following:-

/members

Y/N


Sounds good to me !

A Well balanced diet is a beer in both hands!
_________________
Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!
Back to top View user's profile Send private message Send e-mail
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Sun Aug 01, 2004 6:35 pm    Post subject: Reply with quote

The answer is Yes ! anything in /members is protected !
Back to top View user's profile Send private message Visit poster's website
keith-f
-


Joined: 27 May 2003
Posts: 18
Location: North East England

PostPosted: Sun Aug 01, 2004 6:59 pm    Post subject: Reply with quote

Thanks TP...

Works a treat.

Next Question. Can you change the timeout from a suscessful login. For example once the user has logged in successfuly, if you leave the protected area, but come back an hour or so later, you are still logged in.

This could prove a problem with Kids using a School machine.
_________________
Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!
Back to top View user's profile Send private message Send e-mail
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Sun Aug 01, 2004 7:03 pm    Post subject: Reply with quote

Once you close your browser or empty your internet files , you will have to
login to the members area again , this will keep you from being logged in.
Back to top View user's profile Send private message Visit poster's website
Anonymoose
-


Joined: 09 Sep 2003
Posts: 2192

PostPosted: Sun Aug 01, 2004 8:40 pm    Post subject: Reply with quote

Only closing the browser will clear a HTTP auth login - temporary internet files have nothing to do with it. If you want a session timeout you will have to look into using a cookie based login system, then you can have the cookies expire after x minutes instead.
Back to top View user's profile Send private message
keith-f
-


Joined: 27 May 2003
Posts: 18
Location: North East England

PostPosted: Mon Aug 02, 2004 12:33 am    Post subject: Reply with quote

Thanks you Guy's for your help. It really was appreciated. I can now confidently built this site up without fear of dirty perverts who get an 'Off' from seeing kids in swimming costumes....

If I thought for one minute that chopping their b@lls off would stop them, I'd cheerfuly do it myself with a rusty old hacksaw..... (Ouch!)

Finally, and just to pacify me, How secure is this... Can it be hacked ?

Once again Thanks for your help.
_________________
Keith
It is sometimes wiser to keep one's mouth shut and look foolish, Than to open it and remove all doubt!
Back to top View user's profile Send private message Send e-mail
Anonymoose
-


Joined: 09 Sep 2003
Posts: 2192

PostPosted: Mon Aug 02, 2004 1:48 am    Post subject: Reply with quote

The only weakness you have to worry about is your own passwords - this isn't down to a fault in Abyss, just in how strong you choose to make your own passwords..

If you create a user called "user1" with a password of "password", it will take all of 20 seconds for a determined hacker to run a dictionary attack against your members area and gain access. However, a user of UsEr23b1@ and password of 29N!3(m would take infinitely longer - and hopefully by then you'd have noticed something was amiss in your log file. Whether you can get kids to remember strong passwords and obscure usernames is another matter...
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group