Vol. 1, No. 28
Controlling Who Sees What On Your Site
Everyone has secrets. Maybe you don't want your little brother reading your private list of the boys you like, or maybe you're 80 percent done with your time machine design and you don't want those snooping CIA types getting wind of it. Either way, it's most emphatically YOUR BUSINESS, and you don't want anyone seeing it except possibly a few people that you personally approve.
One of the nice things about the Web (yes, yet another one) is the easy security it offers. There are features built into the protocol specifically to protect pages and directories from unauthorized viewing. Tripod makes it easy to use these features to keep things nice and private.
If you make one of your Tripod directories "private," no one can access the pages in that directory except you and the Tripod members you put on the access list assigned to that directory. It's just that simple and secure. Here's how it works.
Go to the FileManager and create a new directory that you can use as your private directory. Just click on the "New directory" button, name your directory (let's call it "keepout"), and you're ready to roll. You can have as many different private directories as you want, each with a different access list of permitted visitors, but let's start with just one.
Move all of the for-your-eyes-only pages that you want to keep private into the "keepout" directory. (To move a file, select it by clicking the checkbox next to it and pressing the "Move" button. But you know that already.) Now, click on the "Privatize" tab at the top of the FileManager. In the Privatize section, you will see all of your directories listed. Check the "keepout" directory and click on the "Make private" button at the top. The next page will prompt you to select or edit an existing access list or create an entirely new list. If you are eagerly reading this tutorial and taking mental notes, chances are you don't have any existing access lists, so just click "Create new list."
When you create an access list, you'll have to name it first. You can call it "keepout" also, so we can remember which directory it's associated with. Populate your access list here by entering the Tripod member names of the people you have handpicked to view your page. Add as many people as you like. If you want to add people who are not Tripod members (slim chance, but it might happen) to the list, just ask them to sign up and give you their member name when they do. (Entice them with an invitation to view your juicy private pages and tell them that Tripod membership is FREE!) You will see your access list in its entirety in the scrollable box at the bottom of this page. You can also remove people from your access list by selecting them with your mouse and clicking the "Remove" button. Click "OK" and you'll be brought back to the main Privatize page. If this is your first private directory and access list, the "keepout" list should be automatically assigned to the "keepout" directory. Voilà! The directory "keepout" is now private. In the FileManager, it should be marked with a little padlock icon and it should be categorized as a "PRIVATE_DIR." Now nobody but you and your chosen few can see the pages in that directory.
Maybe Martha's on your nerves, and you don't want her to see your private pages anymore. No problem. If you want to remove or add people to your access list, or assign a new list altogether to a certain directory, head straight to the "Privatize features" of any directory. To get there, just click the "Privatize" tab, select any directory with an access list that you want to change, and press the "Privatize features" button. There you can see which access list is assigned to the selected directory, as well as edit or delete any list, create a new list, or assign another list to the directory.
And there you have the extent of Tripod and its access lists. The people you want in are in; everyone else is out. If, however, you want a little more flexibility, say, to invite non-Tripod members to view certain pages or just anyone who knows the password without you having to personally type in their names, here are a few more tricks to put up your sleeve.
What your users don't know can't hurt them ... Or you. If there's a directory or page that you don't want the public to see, an easy workaround, without messing with access lists, is just to give it an unlikely name (like "jsdfhnwbjh.html") and not link to it from anywhere. Only those who know the filename will be able to type it into their browser to see your precious content. Make sure, of course, that the directory containing the hidden pages or directories has an "index.html" file, or everybody will be able to see a listing of all the files in that directory, including your supposedly secret stuff.
To streamline and spiff up the process, you can even hack together a quick bit of JavaScript that will prompt your visitors for a password, which when supplied will lead them to your secret page or directory. (If you're uncomfortable with JavaScript, check out Thau's JavaScript tutorial at Webmonkey now.) A word of warning, though: if you write JavaScript to prompt for a specific password, your site visitors will be able to get the correct password by viewing the page source, because the password is revealed in the JavaScript code.
The trick to this is to make the password the same as the filename of the secret destination page. So, if the password is "jsdfhnwbjh" the JavaScript will take them to secretdir/jsdfhnwbjh.html. If, however, they type any other password, they will go to secretdir/somewrongpassword.html, which will be a nonexistent page, most likely. The code could look something like this (polishing it is left as an exercise for the reader):
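<script>
// Ask for a password and go to the page whose filename matches it.
function secretpage() {
  var password = prompt("Password?", "");
  // Cancel returns null and an empty entry is no password: stay on this page.
  if (password === null || password === "") {
    return;
  }
  // Encode the entry so it is used only as a filename inside secretdir.
  var page = "./secretdir/" + encodeURIComponent(password) + ".html";
  location.href = page;
}
</script>
<form>
Members, click
<input type="button" name="secretbutton" value="here"
onclick="secretpage()">.
</form>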
Another advantage to this code is that it allows you to have different secret pages for different (groups of) people, each of whom thinks, when typing the password you gave them, that they are typing the One True Password and going to the only secret spot there is. In reality, you have one secret spot for friends, one for business associates, and yet another, full of BLINK tags and broken links, where you send people you don't like.
You could even add some more code to the bit above to have it pass a cookie to people once they have validated themselves. That way, they only have to type a password the first time they visit the page. You could even combine the JavaScript technique with the Tripod built-in features to enhance your site's security.
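One way to add the cookie step described above, as an added example that is not part of the original article: the secret page sets the cookie once it loads, since reaching it is the only sign the password was right, and the gate page reads it back before prompting. The cookie name, the cookie path and the helper names are assumptions.

```javascript
// Added example: remember the filename-as-password in a cookie.
// COOKIE_NAME, the cookie path and the helper names are assumptions.
const COOKIE_NAME = "secretpage";
const SECRET_DIR = "./secretdir/"; // directory from the article's snippet

// Build the destination URL; null means "nothing entered, stay put".
function secretUrl(password) {
  if (password === null || password === undefined || password === "") return null;
  return SECRET_DIR + encodeURIComponent(password) + ".html";
}

// Cookie string for the secret page to assign to document.cookie after it
// loads. `path` must cover both the gate page and the secret directory.
function rememberCookie(password, days, path, now = new Date()) {
  const expires = new Date(now.getTime() + days * 24 * 60 * 60 * 1000);
  return COOKIE_NAME + "=" + encodeURIComponent(password) +
    "; expires=" + expires.toUTCString() + "; path=" + path + "; SameSite=Lax";
}

// Pull the remembered password out of a document.cookie string, or null.
function recallPassword(cookieString) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    try {
      return decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null; // malformed value: treat as not remembered
    }
  }
  return null;
}

// Gate logic: use the cookie when there is one, otherwise ask.
function gateUrl(cookieString, ask) {
  const remembered = recallPassword(cookieString);
  return secretUrl(remembered !== null ? remembered : ask("Password?", ""));
}

// Browser wiring for the article's button; skipped outside a browser.
if (typeof document !== "undefined") {
  window.secretpage = function () {
    const url = gateUrl(document.cookie, (msg, def) => prompt(msg, def));
    if (url) location.href = url;
  };
}
```

The cookie stores the secret filename in clear text in the visitor's browser, so anyone who uses that browser gets in without being asked.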
HINTS, POINTERS, AND TIPS 'O THE TRADE:
Beware of the quirks of cookies. If your friend uses her Tripod account to reach your private Tripod directory, and has configured her computer so it logs her in automatically whenever she visits Tripod, her evil little brother will be able to see your private stuff any time he uses her computer. You may want to remind her about persistent log-ins like these and the security issues they pose.
All this security is for naught if your secret pages are splashed all over the search engines. You can ask the engine-bots not to index you by including the following META tag on all the pages you want hidden:
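An added example, not part of the original article: a check that each page meant to stay hidden carries the standard robots exclusion tag, assumed here to be `<meta name="robots" content="noindex">`. The sample pages and function names are constructed for illustration.

```javascript
// Added example: report which pages do not ask robots to skip indexing.
// Assumes the standard tag <meta name="robots" content="noindex">.

// Return the attributes of every <meta ...> tag as lower-cased maps.
function metaTags(html) {
  const tags = [];
  const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  for (const m of html.matchAll(/<meta\b([^>]*)>/gi)) {
    const attrs = {};
    for (const a of m[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = (a[2] ?? a[3] ?? a[4]).toLowerCase();
    }
    tags.push(attrs);
  }
  return tags;
}

// True when a robots META tag carries "noindex" (or "none", which implies it).
function asksNoIndex(html) {
  return metaTags(html).some(t =>
    t.name === "robots" &&
    (t.content || "").split(",").map(s => s.trim())
      .some(d => d === "noindex" || d === "none"));
}

// Names of the pages that still need the tag.
function missingNoIndex(pages) {
  return Object.keys(pages).filter(name => !asksNoIndex(pages[name]));
}

// Constructed sample pages (not real Tripod content).
const samplePages = {
  "keepout/diary.html":
    '<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><title>Diary</title></head></html>',
  "keepout/timemachine.html":
    '<html><head><meta name="robots" content="index, follow"></head></html>',
  "keepout/list.html":
    "<html><head><meta content='noindex' name='robots'></head></html>",
  "secretdir/jsdfhnwbjh.html":
    "<html><head><title>Secret</title></head></html>",
};

console.log(missingNoIndex(samplePages));
```

The tag is a request that well-behaved crawlers honor after fetching the page; it does not stop anyone who has the address from reading it.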
Pen bust in your pocket? Don't throw out those stained pants just yet. Plain old household rubbing alcohol has miraculous powers when it comes to removing ballpoint ink. Already threw out the pants? Can't help you there.
RESOURCES:
Thau's JavaScript Tutorial
Thau's Advanced JavaScript Tutorial
The redoubtable Heidi Pollock's security advice
Excluding search engine robots
Lycos's Privacy Statement
Webmonkey's guide to user authentication with Apache