If anyone has the time, I need some advice.

What are the drawbacks, if any, to placing folders I would like to protect in the cgi-bin (e.g. beta sites)?

Background:
I am currently using a password protection script for client entry into their beta sites and other protected areas. After I bought a password-protection script, I discovered that once the client got into the area they could simply bookmark the page and by-pass the log-in procedure completely.

The script provider is suggesting that I place my files in the cgi-bin (they noted that the server does not seem to take the .htaccess commands).

Decision:
Do I pay the $75 bucks for the customized script that will ensure clients are forced to login and cannot bookmark the page. If not, what questions should I poise to the script provider?

All help is appreciated.

Do I pay the $75 bucks for the customized script that will ensure clients are forced to login and cannot bookmark the page. If not, what questions should I poise to the script provider?Well, you say they can bookmark the pages inside the protected area, so that script seems rather useless to me. Setting a .htaccess config file is really the most managable solution. If the host you have now doesn't support that then my recommendation is to find a different host.

What you want can be done with a simple CGI program and file permissions. I know that the example I am going to show you is not exactly what you want (well I'm not sure, I don't really know what beta sites are) but anyway, it is just an example of what you can do using this method.

go to http://btscl.com/cgi-bin/fileManager.pl and log in using the username: user and password: pass.
The passwords are encrypted using the crypt module in perl so are secure.

The files are located in http://btscl.com/cgi-bin/secureFiles/ by the way.

If you can use this post back.
Regards

Thanks for your help.

I will check it out.

Scriptage,

I just bookmarked your page after logging in, closed my browser, then opened it up & jumped right to it.

Try again. I'd like the answer to this one, too.

yeah i found that too. the problem with the program at the moment is that you can bokmark the url that has the username and password in it. I'm currently working on a simple way around it. I will set the username and password in a cookie, then redirect to the fileManager.pl file after login, this will stop the username and password url from being bookmarked.
If you want this program once complete, you can have iot for free.
Post back if you do.
Regards

I've got the program working...you can not bookmark the page now!!!! neat huh

Originally posted by Scriptage
If you want this program once complete, you can have iot for free.
Post back if you do.

Yes, thanks. I'd like a copy. You can either post the code here, or email it.

Aronya1
aronya1@aronyanet.com

Thanks again

You can have the program, no problem, but...
At the moment when you log in the program gets a directory listing of the secureFiles directory and displays a link to each file. If you are wanting a traditional members area where the members see a standard html page with links to downloads and other sections then the program will need to be modified. If you would like to post back, or email me at btscl@aol.com with your specifications then I would be more than happy to modifiy the program to your needs.
Regards
Carl

the new custmisable version is now up and running at http://btscl.com/cgi-bin/securesite.pl