Fog Creek Software
Discussion Board




Knowledge Base
Documentation
Terry's Tips
Darren's Tips

Making a "hidden" article

I am making a travel website using citydesk and there are pictures and comments I'd rather not share with the entire world.

Is there a way to make part of my citydesk website hidden or password protected? I'd like to maybe have a link I send only to friends or a private sector. Any ideas?

victor mclaughlin
Thursday, December 26, 2002

You can do a coupl'a things. I don't think CD however has a way to do this. Here's a little trick:

Make an index.html and index.htm or whatever your web host uses as an index document, then fill it with the error message you get when there is an Internal Server Error 500 or any other error a browser receives when something is wrong. You place this index file into your "secret" directory and when a user unexpectedly tries to view the directory contents they receive this "error message" heh, heh.

Or, you can have your web host set a directory up with certain permissions which require a login and a password. Or, you can get a program like flix and have your host install it ( they probably won't). It really depends on what your host is. If it's unix/linux I think you can use the .htaccess file (something like that, call your host) and you can do the security yourself.

There are a lot of other things you can do if you know how. But I like the fake index.html thing.

John

John Cesta
Thursday, December 26, 2002

The fake index file is a good idea, but it might be overkill.  If no-one knows about the existence of www.mywebsite.com/my_secret_subdirectory , then no-one is likely to try poking around there.

Alex Chernavsky
Friday, December 27, 2002

Just as well then. A secret area then is not required...problem solved.

BTW, the fake index takes about 10 minutes to create. You can even create it in CD itself and have CD FTP it to the site.

I think the original question was: Should someone happen to browse the secret directory they would want it to be restricted. BUt they would want to e-mail a URL to friends and point them to the secret directory.

John

John Cesta
Friday, December 27, 2002

Thanks for the advice, I understand the concepts that you all are talking about... the real problem I'm having is doing all this with CityDesk by itself. I set up my own website using HTML and uploading it how I want it... but I bought citydesk for my non-computer literate brother and he needs to be able to do all this within city desk.

I set the "audiences", but all that did was make acessible directories on the index.html page; it didn't keep either of them hidden or private. Any other ideas?
Thanks!

victor mclaughlin
Friday, December 27, 2002

CityDesk can publish any type of file.

If your website is being run on an Apache host, you can create a file called ".htaccess" (it may work on IIS, too, but I avoid IIS personally). You may need to configure CityDesk to properly understand this filename (because it looks just like an extension). A quick test didn't let CityDesk edit .htaccess immediately; I suspect I could add it as a known extension and it would work. An htaccess like the one that follows would give password validation:

AuthUserFile /home/mysite/group-pass.pwd
AuthName    "My Hidden Site"
AuthType    Basic
order deny,allow
require valid-user

Unfortunately, you'll also need to use the command-line and a program called "htpassword" to create "group-pass.pwd". So, this can't be done entirely within CityDesk, but this is a relatively secure way of protecting a directory (as long as the goup-pass.pwd file is NOT in the directory of files shared; my site would be in /home/mysite/www/*).

Alternatively, you can create a JavaScript application which does this, but that is inherently insecure (the question/answer response would be visible in the page itself).

-austin

Austin Ziegler
Sunday, December 29, 2002

Old post, but I just thought to add, that you can create your own .htpasswd files (where you keep the usernames/passwords) without the need to telnet to the server and run the command line htppaswd!

Just go to http://www.euronet.nl/~arnow/htpasswd/ and paste the result (like "test:49JtMU7ty4V.2") in a file, each on its own line.

Bob
Wednesday, February 19, 2003

*  Recent Topics

*  Fog Creek Home