Looking for the perfect password protection program
I have scoured the web looking for information about password protection for entire sites and member management software. I have learned a few things:
1. The majority of site password protection CGI scripts make use of Apache's mod_rewrite module, .htaccess and .htpasswrd, all of which I know nothing about and not sure if they are included with my host provider, NoMonthlyFees.com (NMF) because I can't find reference to them in NMF's server stats and this is one question that NMF's support people won't answer. I think it's frowned upon if you mess with their .htaccess and .htpasswrd.
Nonetheless, in configuring some of the shareware/trialware scripts I've downloaded just to get an idea of what it's about makes me wonder if I need a degree in computer science! They want me to change the configuration of files I've never heard about and wouldn't know where to find! I probably don't have access to them anyway! Some of the programs make use of "crontab" and others don't. The one's that don't say this is a definite advantage over the ones that do. Some use this thing called "image tagging" which I don't know about and still others use cookies vs. the .htaccess route and claim their methods are better. And some scripts are in PHP and I know nothing about PHP. Some of them are on the configuration level I'm at (intermediate CGI knowledge) but then they don't offer the top-notch security against hackers, hurlers, brute force attacks and password thieves, and they do not prevent password trading/sharing and bandwidth thieves, all of which I'm looking for in site password protection script or program.
2. Prices vary between $50 and $2,000 US. I could afford something in the area of $100 US. Mind you, the programs running $500-$2,000 are basically suited for porno sites and the like, which I'm not running.
3. There are companies/sites that password protect your site from their end and you pay them a monthly fee. I don't like the idea of more monthly fees. Bandwidth fees are enough for me as it is. So ix-nay this idea.
My dilemma now? I can't find a reasonably-priced site password protection script/program that does what I want. I don't want to add code to each page that needs protection. I want to install a script or program and just let the darn thing do what it's supposed to and automatically stop anybody in their tracks who tries to break into my members site, steal their passwords, use brute force to get in, whatever.
Have any of you, in your immense travels around the web and in your vast web experience as web developers, heard of, used, or can recommend such a site password protection CGI script or program that won't break my bank?
Any and all advice is appreciated. *S*
Deanna
Ontario, Canada
EST (GMT -5)
mjames posted this at 21:26 — 10th January 2002.
They have: 2,064 posts
Joined: Dec 1999
You shouldn't let your hosts prevent you from taking the next step with your site if many other hosts allow it. I am surprised they frown upon changing .htaccess/.htapasswrd - hosts typically have no problems with that. Considered changing hosts? Here is a good tutorial on .htaccess if you are interested: http://www.cgiextremes.com/extras/Tips_Tutorials/htaccess.html - otherwise, search HotScripts.com.
Deanna475 posted this at 21:42 — 10th January 2002.
They have: 4 posts
Joined: Jan 2002
Good point mjames. Would that I could change hosts but I've got 6 months left on this contract. Incidentally, I was over at hotscripts.com right now when this notification arrived. GMTA, but I'm still not finding the ideal program. I mean, I want this site to be Fort Knox and merely reporting password sharing does not qualify as Fort Knox in my books! Still looking for a reliable site password protection system. Ideas anyone?
Deanna
Ontario, Canada
EST (GMT -5)
MarcD posted this at 09:48 — 11th January 2002.
They have: 38 posts
Joined: Oct 2001
also maybe look for a php session script
we use those for member managment,
Deanna475 posted this at 13:50 — 11th January 2002.
They have: 4 posts
Joined: Jan 2002
Hi Marc and thanks for your 2¢. I am looking for a reliable membership management script as well. You suggested a PHP session script. At the risk of sounding like the Village Idiot, what is a session script and are there CGI/Perl versions of same? I've never configured anything for PHP although I'm thinking I should start learning fast!
Deanna
Ontario, Canada
EST (GMT -5)
Suzanne posted this at 19:58 — 11th January 2002.
She has: 5,507 posts
Joined: Feb 2000
NMF's doesn't like people to screw with the .htaccess simply because the tech folks don't know much about it. Also, they have, on average, very non-tech-savvy customers.
You can see how that would lead to all sorts of support mayhem!
That said, pop on over to scriptsolutions.com and download PerlDiver -- it will tell you what's on your system and what's installed as far as modules.
I don't believe you have access to rewrite, however you should have access to .htaccess and .htpasswrd
Suzanne
Deanna475 posted this at 20:03 — 11th January 2002.
They have: 4 posts
Joined: Jan 2002
Hi Suzanne. Thanks for your 2¢. I can already tell you that NMF does not list mod_rewrite as an available module because they have PerlDiver available in their support section -- it shows you everything that's installed. That having been said, I wouldn't want to mess with anyone's .htaccess and .htpasswrd if I didn't have to, except I'm finding it extremely difficult to find a solid, Fort Knox-like site password protection that *doesn't* make use of either. The search is still on if someone knows of such a program that will protect my site from password sharing/brute force attacks, password thieves and the like, I'd be most grateful.
Deanna
Ontario, Canada
EST (GMT -5)
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.