PDA

Click to See Complete Forum and Search --> : How to Make HTML pages Secure

sanjeev.krarora
December 22nd, 2007, 05:20 AM
Hi,

I have designed some simple HTML pages. those pages are lying on a network drive in some folder and that folder has access to all users. I am now facing some issues with this.

1. I want that folder to be secure so that no one can access it, but at the same time they can access the website. Like creating a shortcut of main page (index.html) onto their computer, but if they try to open that folder, even if they know the path, it will not open.

2. the second issues is i want the first page to be in such a way that it asks for user name and password.

3. the third question that i have is i also want some kind of log/database to be created once user logs into that website. like how many times did the user logged in and what was the time

please help me with this.

Thanks in advance

Steve
HackmanC
December 23rd, 2007, 04:39 PM
This will be inconclusive until you post the "actual" configuration.
You are using Windows ? Linux ? You have a domain ?
The shares are SMB, NFS, WebDav, FTP, etc...

1. Security is a huge concern in every OS, but there are tools to enhance it.
2. If you are using Windows in a Domain, can configure user ACL's.
3. Logging only can be performed with third party tools or extended tools.

Like I said ... only when you post the whole configuration, you can have
a definitive answer... for now ... this is the nearest thing I can imagine...

Linux + Analog + Apache + WebDav + FTP or
Windows + (Third party log) + IIS + WebDav + FTP

Expanding with Windows XP/2003 Server:

1. The .html files are in a network drive, put inside an Internet Information Server (IIS) and un-share the folder, users can see the html in http://yourhostname/thepage.html.

2. Configure security in IIS with "Windows Autentication" or "Clear Text" (Remove "Anonymous"), when the user want to see the page, or it's a domain user or have to provide user + pass.

3. Configure logs in IIS (Add "User" to the default logs) or the Domain Server.
PeejAvery
December 23rd, 2007, 11:40 PM
I agree that not enough information was given. However, your best option for security is going to be configuring .htaccess if you are using Apache. If you are not, then you will have to put authentication headers at the top of every page that you want secure.