SitePoint Sponsor |
|
User Tag List
Results 1 to 7 of 7
-
Aug 15, 2005, 09:12 #1
- Join Date
- Oct 2003
- Posts
- 440
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
.htaccess: automatic daily password change?
Hey,
Is it possible to set up .htaccess/.htpasswd files with a cron job or something so that the password automatically changes every day? I will need a way to get the password so that I can give it out to certain people.
Thanks.
-
Aug 16, 2005, 08:36 #2
- Join Date
- Oct 2003
- Posts
- 440
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Any ideas? Maybe there's a CGI/Perl script out there for such a thing? I haven't been able to find one on Google or at HotScripts.
-
Aug 18, 2005, 12:34 #3
- Join Date
- Aug 2005
- Posts
- 512
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It can be done.
You can prepare many password files in advance,
and rotate them by cronjob. Very easy.
Example:
Let's say, you have 31 pre-generated password file named as .htpass-00 to .htpass-31
04 00 * * * D=`date "+\%d"`; cp -f /path-to/.htpass-$d /path-to/.htpassword
You can generate password file each day, dynamically based on certain rules, too.
On the even day, the users have to add the date to the username and password,
and on the odd day, they have to add the date in reverse order, for example.
You can complicate things more if you like.
But if you want to do this to increase the security, you should rather force https
and install login monitor and alarm system, using ErrorDocument 401,403.
-
Aug 19, 2005, 19:56 #4
- Join Date
- Oct 2003
- Posts
- 440
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by extras
Thanks a bunch!
-
Aug 19, 2005, 22:47 #5
- Join Date
- Aug 2005
- Posts
- 512
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I see.
What kind of password generation rule are you thinking?
I mean, if a script generates password automatically, you should be able to have that, too.
If there is a predetermined rule, like using the date in reverse plus day of the week mixed with certain prefix and/or suffix, you know what is the password for the day.
You can generate ramdom password and mail yourself, too.
(I don't trust e-mail so much, though.)
I still think intrusion detection system offers better security, though.
-
Aug 22, 2005, 18:32 #6
- Join Date
- Oct 2003
- Posts
- 440
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by extras
Thanks
-
Aug 22, 2005, 21:05 #7
- Join Date
- Aug 2005
- Posts
- 512
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
If you know programing, you should be able to find a code that generate password.
You jsut have to combine a code to generate random string and mailing.
All these code components can be found on the web by searching, for many languages
like Perl, Python, or PHP.
You can use salt generation code to generate pass word, most probably,
as we are not talking about very high security using simple http password, anyway.
If you are lucky, someone may write it for you for free, since it's not really a big deal.
If not, you should be able to find someone to do it for a reasonable fee.
But you need to specify the OS (or the encryption method, MD5, DES).
Also, if you are afraid of someone figureing out, mailing isn't very secure,
and you should be using HTTPS.
Ultimately, there is no absolute secret for the data that goes around internet.
And I still think intrusion detection system is much better than password change,
as you will know if someone is trying to break in.
But you are the boss of your site.
Bookmarks