anti — Tue, 20 Jul 1999 00:40:00 +0000

Hi,

1. Put an "index.html" in the directory. If the webserver is configured in a "secure"-way it should respond with that file even if you are trying to get "/password/".
or
2. Use the ".htaccess" to forbid directory-browsing. (sorry I don't have my apache-reference at hand.)
or
3. use a provider with a secure configured system. Directory browsing should be disabled by default and enabled on a dir-by-dir-basis.

ciao
Anti

Mon, 19 Jul 1999 00:23:00 +0000

I am assuming that you are using ASP to require the password... What you would want to do is put a snippet of code at the top of each of your pages that looks like the following:
<%
IF Session("password" = "" OR Session("password" <> "[your password]" Then
Response.Redirect "/password/password.asp"
Else
%>

That will require the password to be entered into the variable "password" and any page that has the code at the top will not display unless the password has been entered. You will want to do some password checking on password.asp and then, once the password has been entered correctly, pass it to a session variable and move on to a secured page. Now this script will only work for one person but it can easily be modified to accept multiple passwords and/or users.

This isn't 100% secure (as nothing is) but it is about as secure as you can get for doing what you would like.

<edit>
I hate that! Each yellow smiley face actually represents a )
</edit>

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting