.htaccess: automatic daily password change?

[skyraider]

Hey,

Is it possible to set up .htaccess/.htpasswd files with a cron job or something so that the password automatically changes every day? I will need a way to get the password so that I can give it out to certain people.

Thanks.

[skyraider]

Any ideas? Maybe there's a CGI/Perl script out there for such a thing? I haven't been able to find one on Google or at HotScripts.

[extras]

It can be done.
You can prepare many password files in advance,
and rotate them by cronjob. Very easy.

Example:
Let's say, you have 31 pre-generated password file named as .htpass-00 to .htpass-31
04 00 * * * D=`date "+\%d"`; cp -f /path-to/.htpass-$d /path-to/.htpassword

You can generate password file each day, dynamically based on certain rules, too.

On the even day, the users have to add the date to the username and password,
and on the odd day, they have to add the date in reverse order, for example.
You can complicate things more if you like.

But if you want to do this to increase the security, you should rather force https
and install login monitor and alarm system, using ErrorDocument 401,403.

[skyraider]

It can be done.
You can prepare many password files in advance,
and rotate them by cronjob. Very easy.

Example:
Let's say, you have 31 pre-generated password file named as .htpass-00 to .htpass-31
04 00 * * * D=`date "+\%d"`; cp -f /path-to/.htpass-$d /path-to/.htpassword

You can generate password file each day, dynamically based on certain rules, too.

On the even day, the users have to add the date to the username and password,
and on the odd day, they have to add the date in reverse order, for example.
You can complicate things more if you like.

But if you want to do this to increase the security, you should rather force https
and install login monitor and alarm system, using ErrorDocument 401,403.

All I really want to do is use a single username, and just have the password change daily. I would really like to generate a random password, as having loads and loads of file will be difficult, and it's not too hard to figure out the pattern. Is that possible? If so, how would I retrieve the password each day?

Thanks a bunch!

[extras]

I see.

What kind of password generation rule are you thinking?
I mean, if a script generates password automatically, you should be able to have that, too.

If there is a predetermined rule, like using the date in reverse plus day of the week mixed with certain prefix and/or suffix, you know what is the password for the day.

You can generate ramdom password and mail yourself, too.
(I don't trust e-mail so much, though.)

I still think intrusion detection system offers better security, though.

[skyraider]

I see.

What kind of password generation rule are you thinking?
I mean, if a script generates password automatically, you should be able to have that, too.

If there is a predetermined rule, like using the date in reverse plus day of the week mixed with certain prefix and/or suffix, you know what is the password for the day.

You can generate ramdom password and mail yourself, too.
(I don't trust e-mail so much, though.)

I still think intrusion detection system offers better security, though.

Ok, what would I do to generate a random password and mail it to myself? It needs to be truly random; it can't be a pretermined rule because someone might figure it out.

Thanks

[extras]

If you know programing, you should be able to find a code that generate password.
You jsut have to combine a code to generate random string and mailing.
All these code components can be found on the web by searching, for many languages
like Perl, Python, or PHP.
You can use salt generation code to generate pass word, most probably,
as we are not talking about very high security using simple http password, anyway.

If you are lucky, someone may write it for you for free, since it's not really a big deal.
If not, you should be able to find someone to do it for a reasonable fee.

But you need to specify the OS (or the encryption method, MD5, DES).

Also, if you are afraid of someone figureing out, mailing isn't very secure,
and you should be using HTTPS.

Ultimately, there is no absolute secret for the data that goes around internet.
And I still think intrusion detection system is much better than password change,
as you will know if someone is trying to break in.
But you are the boss of your site.