Keeping self-portraits behind a password

[gloria_hopkins]

Hi all: I have a website which was designed to promote my nature

photography business. I have done a series of nude self-portraits

that I feel are quite good and I would like to be able to direct

select people to their locations on my website.

 

Of course, I don't want my nature photography customers looking at my

nude self portraits, rofl. So, is there a *foolproof* way to hide

images behind a password? I can create them in Flash or HTML. If

anyone has done this or knows of anyone else who has done this, I'd

love to talk to them.

[don_nguyen3]

Hi Gloria, first I have no knowledge of flash. Up to my knowledge the only way to hide images behind a password fullproof is storing your images in the database, and use session control to allow visitors to see pages with images only when he/she login. For example I believe photo.net use session control to permit only logined users able to post an answer, otherwise un-authorized users are directed to not authorized page. However the point is what your web hosting ofter ? PHP with mysql/PostgreSQL, Jave Servlet with mysql/PostgreSQL, or ASP with M$-SQL. I can help you with pay (not seriously) :)

[ber]

Hi Gloria,<br>

It's realy easy to do if the server where your web page is hosted allow it.<br>

If it's a Apache webserver (mostly used on the internet) you can use .htaccess files wich allow to protect directorys of your web files tree.<br>

If it's the Internet information server (micro$oft) then it's an other way, but the idea is the same.<br>

If you work on the server side you don't need any scritping.<br>

<br>

Feel free to contact me over ICQ (116863251) or email and I will help you with this. :-D<br>

<br>

Regards,<br>

Marc<br>

[briany]

Marc's advice is good. Whatever you do, don't use a free javascript-based authentication scheme. Apparently you can get them from the web, and the ones I've seen are horribly insecure. They just prompt for the password and then compare it to the password behind the scenes. If you are moderately competent, you can just open the source and find out the password as well as the URL that you get sent to. I checked your server, and got "Server: Apache/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.6g" so, as Marc said, .htaccess is the way to go. If you can't do it that way, cookies, a database of users, and server side scripting would work too. Google ".htaccess" and see if you can upload a test .htaccess file to a subdirectory of your web site.

[don_nguyen3]

Hi Gloria, if you choose .htaccess file, here is the tutorial from apache.org :

 

"However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a <Directory> section in your main server configuration file......." to learn more go to http://httpd.apache.org/docs-2.1/howto/htaccess.html .

 

Have fun :)

[gloria_hopkins]

Thanks guys. I will have to check with my host to see which options are available to me and if I can use the htaccess files. Thanks so much!

[ber]

Don,<br>

I totaly agree with that statment.<br>

However if you are not the maintenaire of the webserver and only got some hosting space (situation of the most people), I would not guess that the root will allow you to "play around" with the main config file !<br>

Maybe he will setup the directory for you but then you "lost" control.<br>

So often the .htaccess file is the only way you have to setup a easy access control.<br>

<br>

Kind regards,<br>

Marc<br>

[gonzalo_blasco]

Is a low-security VERY easy option.

 

Simply don't link your photos in the public pages, and put them in an non-obvious directory.

 

Per example:

 

http://www.mywebsite.net/GGHHJJKK_private/

 

If the page is not linked, and nobody is spying, the URL will be secure, because nobody will discover the directory.

 

Only one tip. DON't put any link (to another site) inside your private pages. When someone hits a link, the origin URL of the page where it was hitted is communicated to the page hitted (destination),in a field called "referral". A bot, a stadistic program, or someone reviewing logs can easily discover your page in this case.

 

If you have more questions email me...

[gerund]

One possibility is to use a password secure pdf file.

These are very easy to put into a website and you need no

special configuration to do so.

 

Gerry