Aug 9, 2000, 3:24 AM
Post #3 of 3
I've solved my own problem. (Having searched for 'password' in these forums and read about every result).
Re: Password protection without .htaccess
[In reply to]
CGI scripts completely ignore .htaccess hence the following scheme is possible.
Protect the data directory using .htaccess. Only you know the password so it is secure.
chmod the directory to 777.
Now write a CGI script that will open and read files in the protected directory, the files it will read depends on the user.
You have to be very careful to use absolute paths and to check input for unix meta characters, and .. to avoid hackers, but as the script is running as the nobody user (not setuid as I originally thought) it is inherently safer.
A Yahoo! mail style login can set a cookie to maintain state, and if necessary a session file can be created for the user.