General Lesotho Information
Contacts and Links
News
Membership - Email List and Contact Form
Sesotho Language Audio Files
Maps
Photos
Letters from Lesotho























































































Friends of Lesotho
                    Security
This page is provided as a reference for security methods such as those used to restrict access to member email addresses. The issue has arisen frequently in Peace Corps circles, so I wanted to leave examples for the benefit of others. Two methods are described below, one using the htpasswd command, and the other using Java. Additionally, most web hosting services (differing from Internet service providers) have site management utilities which include password protection. See www.kionic.com as an example. Kionic.com hosts the FOL site. Previously, I used the htpasswd method, but I wanted to retain an example of the Java method because, although less secure, the Java method does not require shell access from a web host.

htpasswd
htpasswd is a UNIX command that requires UNIX shell access from your ISP. The webmaster logs in to the server through telnet or a similar program (on Win95/98), creates a subdirectory for the secure files/pages, creates a password file with valid user names and passwords through the htpasswd command, and finally creates a .htpasswd file in the secure directory to force password validation. For details, see the example on the Linux website.

Java
The idea behind the Java method is that, if properly configured, users won't be able to see the contents of your www directory. If you create a file that is not linked from your other web pages, no one will know it's there except those you have told. The htpasswd option above is preferred because there are utilities to see directory contents in spite of your configuration, but this is beyond the average user. Servers automatically execute files such as index.html (name varies with server software). The FOL site has a file named index.html, so that you need not enter index.html - it just executes by itself when you put in the http:// address. But more importantly, index.html blocks users from seeing the list of directory contents, including any "hidden" (unlinked) files.

So, if users don't know or can't see what files are available, and your links don't connect to them, Java can guide those who have the password to the proper page. First, create the "hidden" page with the name you want to use for a password. For example, if the password is "lebohong", create a page called lebohong.html. Give whatever clues you desire for users to figure out the password.

Then all you have to do is paste in the Java script on the page from which users will jump to the "hidden" page. Use the View-PageSource pulldown menu on your browser to see the Java example in this file.

In the example below, enter the "secret" password (the state capital of Michigan) to pull up the "hidden" file called lansing.html. Use all lower case.

Enter the Password:

... and thanks to John from Friends of Malawi for prodding me to work on this.

The script in this page is as follows:

<SCRIPT LANGUAGE="JavaScript">

<!--start stealth
//---------------------------------
//GoTo SCRIPT BY ALEX KEENE 1997
//INFO@FIRSTSOUND.COM
//---------------------------------
function GoToURL(j) {
window.status=('Connecting....')

var URLis;
URLis = document.URLframe.Dest.value

if (URLis == "" )
{
j.value = "Execute"
alert('\nOops!\n\nYou must enter something');
window.status=('Missing data or Invalid. Try again?.')
}
else
{
j.value = "Validating .."
var location=("http://www.friendsoflesotho.org/" + URLis + ".html");
this.location.href = location;
window.status=('Validating ...');
}
}
//-->

</SCRIPT>

Followed by an entry form:

<FORM NAME="URLframe">
<TABLE><TR><TD>
Enter the Password:
<INPUT TYPE="TEXT" NAME="Dest" SIZE="30" MAXLENGTH="30">
<INPUT TYPE="BUTTON" VALUE="Execute" ONCLICK="GoToURL(this)" WIDTH="50">
</TD></TR></TABLE></FORM>