How to secure word docs, access only via username and password?

I have created a CMS (Content Management System) where
residents can access publicly made available word documents
uploaded via the web by authourised members of a residents
association. (no password needed)
password only needed to upload
I have also created a section for excecutive members only
where documents for coming meetings are kept, but are not yet
available to general residents. (password is needed to view these)
All works fine apart from the executive section, all the
documents seem to get 'spidered' no matter what is in the robot.txt
file.
this i know as i have been tracking visitors to it.
the pages are not yet live or in use as i want to be sure
that these 'not for public viewing' file are not viewed until they
are in the public folder.
each section will have their own folder, but google has
'spidered' all pages! it seems that google and other sites are not
taking notice of the robot.txt, i have read on some sites that this
is common. how they do this is beyond me, i though that you could
only spider a site that had a home page and that you follow all
links contained within this initial page.? seems that this is not
the case.
what other methods can i try out that will protect these
files.
(please do not reply with, do not put them on the site!) i
have had this with other forums in the past.
only sesible answers please.
and thank you in advance for your time.

i have been busy looking around but not finding anything.
My PHP scripts at present accept the word docs and store them
in folders, lets say, www.site.com/secretfolder/...
One suggestion is to have them in a database, this is not
idea, but is going to be the last resort.
the idea i like most is to have the outside the root www
folder.
what i am not sure of is how i allow access to them if normal
access can not be used. i.e. www.site.com/myfolder/file.doc
one way that has been suggested is streaming but this
completely eludes me, i first thought streaming was for sound and
video, but that aside, please can someone provide some links to
sites that show some examples or more information on how i do this.
i do not need the file to be uploaded as i can change my
scripts to upload to the new folder that is outside the root www
folder, what i do not understand is how i get the file back from
this outside root folder to the user that is wanting to view it.
my way of thinking is to create a temp folder inside the www
folder but this means that the files will then be available to the
robots again and if i was to have the folder cleaned after the file
is taken what happens if the server or the persons pc was to crash
or something, then the script will not complete and the file will
still be available to view by the robots.
or is their another way

Similar Messages

  • How do I stop Firefox from filling in usernames and passwords when other people use my computer?

    When other people use my computer, how do I stop Firefox from filling in usernames and passwords?

    *Click the (empty) input field on the web page to open the drop down list
    *Highlight an entry in the drop down list
    *Press the Delete key (on Mac: Shift+Delete) to remove it.
    Remove saved Password(s):
    * Tools > Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
    Password Manager:
    *http://kb.mozillazine.org/Password_Manager

  • How to access to SSO username and password from JPDK

    Hello
    Does anybody know how to access, from Java PDK, to SSO username
    and password of user, currently connected to portal.
    Thank's,
    Tomaz Podbersic

    The portal user's password is one way hash algorithm (MD5) that
    cannot be reversed.
    What you'll have to do is setup a "External Application" and
    save an alternate username/password profile in that area. It
    requires the user to first enter that data (but only 1 time) the
    first time into that application.
    ===========================================
    <HELP NOTE>
    If anyone knows of an API to populate those tables when seeding
    or creating the user names to also seed or create the "external
    applications" user /pass this would be helpful.
    ============================================
    JSP java code:
    ====================
    PortletRenderRequest portletRequest = (PortletRenderRequest)
    request.getAttribute (HttpProvider.PORTLET_RENDER_REQUEST);
    ProviderUser myUser=(ProviderUser) portletRequest.getUser();
    =====================
    From this object instance you can get the user's name, and other
    Portal session info. NOT password.
    The External Application username & password is a bit more
    tricky to get.
    see:
    SQL Login Problems

  • SharePoint 2010 Word, Excel Office Docs keep prompting for Username and Password

    Users access SharePoint externally. They have the URL in their IE Intranet zone. They can login and browse OK but when they click a Word, Excel or Office document they get prompted for Windows Username and Password. This works but is never saved, so every
    time they try to open a Word Document they get a blank Windows Username and Password prompt.
    I have tried every suggestion I can find but nothing works

    Hi BayTree,
    Thanks for the sharing and have a nice day.
    Regards,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected] .
    Rebecca Tu
    TechNet Community Support

  • Connecting printer to a secure wireless network which requires both username and password

    I have the hp photosmart 6510. I have it in my college dorm, which has a secure network with requires both a user name and password. I need help setting it up as I can't seem to get the printer to enter a username and password. I know the printer works and I know that my computer can print wirelessly with the printer. My college game me this setup configuration.
    Configuration Item Preferred Value Optional Value (less preferred)
    Network Name of SSID umd-secure  
    802.1x Operating Mode
    (note: 802.11b is no longer supported) Infrastructure or Network (not ad hoc)  
    Security Mode Enterprise (not Personal)  
    Network Authentication WPA2 WPA-less prefered
     Data Encryption CCMP or AES (TKIP-less prefered)
    Roaming Identity or Outer Identity anonymous  
    Authentication Type or Outer Authentication TTLS (PEAP-Less prefered)
    Authentication Protocol or Inner Authentication PAP (MS-CHAPv2-less prefered)
    Validate Server Certificate or Verify Server Name Yes  
    Certificate Issuer or Trusted Root CA Thawte Premium Server CA  (Any Trusted CA -less prefered)
    Server Name or Certificate Name wireless.umd.edu  
    Server Name must match Yes  

    Hi @hatyai ,
    Thank you for visiting our English HP Support Forum. We are only able to reply to posts written in English. To insure a quick response it would be advisable to post your question in English. The following links are here to assist you if you prefer to post in the following Language Forum.
    English: http://h30434.www3.hp.com
    Spanish: http://h30467.www3.hp.com
    French: http://h30478.www3.hp.com
    Portuguese: http://h30487.www3.hp.com
    German: http://h30492.www3.hp.com
    Korean: http://h30491.www3.hp.com/t5/community/communitypage
    Simplified Chinese: http://h30471.www3.hp.com/t5/community/communitypage
    Thank you for your understanding
    I work for HP. However I speak only for myself, not for HP nor anyone else

  • [Deployment] How NOT to hard code the Database SID, Username, and Password

    Hi, I'm new in J2EE so be easy on me. :)
    How can I parameterize the database SID, username, and password in my J2EE application? So that anyone can change the SID, username, and password without the need to modify my code? I use Oracle 10g, ADF BC, JSF and JDeveloper 10.1.3.1.
    My friend said that I can use XML for this. But he didn't go to detail for doing this. Is it true? Is there any [or better alternative]?
    Any help or pointer to a simple tutorial would be fine.
    Thanks in advance.

    Hi -- this is quite easy to do with J2EE.
    In your application code, you declare "logical" references to resources (such as datasources, security roles, etc.) and use those in your application code so all it depends on is the logical name
    On the server where the application is deployed, "physical" resources are created that point to the actual resource -- in the case of a database, this would be the JDBC URL, username, password.
    At deployment time of the application, you then use the facilities of deployment tool to "map" the logical references in the application, to the physical references that exist on the server. So you connect the dots between your application needing something and the server providing the something. That way all the "details" are abstracted out of the your application code.
    I don't know how this works in ADF, BC4J, etc. but I presume that since they are based on standard/J2EE, it must be available somehow.
    I wrote something about this a while back using direct JDBC as an example:
    http://buttso.blogspot.com/2006/06/datasource-lookup-using-javacompenv.html
    -steve-

  • How do I get Firefox to remember two usernames and passwords for att.yahoo?

    Firefox remembers one username and password, does not auto-fill-in the information (which is good), but will not ask to remember the second username and password. How do I get Firefox to remember the second username and password?
    I have two e-mail accounts which use the same login page, one account is sbcglobal and the other is yahoo. I would like Firefox to remember both sets of information so I don't have to type all the username and password information for one account.

    * Make sure that you not run Firefox in (permanent) [[Private Browsing]] mode
    * You are in Private Browsing mode if you see "Tools > Stop Private Browsing", possibly grayed
    * You enter Private Browsing mode if you select: Tools > Options > Privacy > History: Firefox will: "Never Remember History"
    * To see all History settings, choose: Tools > Options > Privacy, choose the setting <b>Firefox will: Use custom settings for history</b>
    * Uncheck: [ ] "Automatically start Firefox in a private browsing session"
    See also http://kb.mozillazine.org/User_name_and_password_not_remembered

  • How easy to sniff a public FTP/HTTP username and password?

    Hi IT Colleagues,
    I understand that using plain FTP/HTTP , it is possible to sniff username and password using sniffer like wireshark.
    However, I just to want know how easy to do it.
    I know that in order to sniff , you should be in the same network or subnet as the website or ftp site.
    Regards,
    Jhun

    It is trivially easy to sniff credentials out of FTP and HTTP due to the fact there is no encryption at play. One should also not simply consider the risks of someone running a sniffer on your local area network, or on the local area network of the remote
    server, website or ftp site, but should consider the possibility for traffic to be sniffed along the way. The NSA is doing a rather good job of sniffing all of our traffic, credentials and all! Don't just worry about someone like the NSA though, a malicious
    user on an ISP network, or an administrator of a proxy server could just as easily sniff the plain text traffic.
    Kieran Jacobsen @kjacobsen http://aperturescience.su

  • Securing webpages on the site with username and password

    whats the best way to secure web pages on a web site.
    if the users are given user name and password and are required to autheticate before accessing the information on the secured pages

    It depends on many parameters. Like what is the nature of business transacted on the web site, how many end users are to be supported, whether its and intranet sote or is exposed to all on the internet, are there users who can perform opertions using multiple roles, can the authentication mechanisms built into the web server(s) be used etc, etc.
    See http://java.sun.com/j2ee/blueprints/apmTOC.html Specifically chapters 9.2 and 9.3 for getting some kind of orientation towards web application security.

  • How to create a login funtion with different usernames and password to iweb

    Hi,
    Im looking for hours for a solution to create / add a function to iweb which allows users to login to a member area with their own user names and passwords.
    Is there a simple way to realize this? So far I know there has to be a file with all the user name --> password combinations, can I add such a file to my idisk and then get it working with my iweb site?
    Is such an idea in general possible with iweb?
    Thanks for your help!
    Message was edited by: Macusar08

    One possibility may be to use the free drop.io to privately share links to your iWeb site pages and/or iDisk files. +"Each 'drop' (...) can be password-protected and set to expire after a period of time, so you can share exactly what you want with whom you want for as long as you want."+ (source).
    Note that drop.io doesn't require an email address, name or personal registration to set up a "drop". And you can place data in either one drop or multiple drops. Each drop comes with 100mb of storage for free and you can have as many drops as you want without signing up.

  • Windows Security asking for username and password to access college intranet.

    I'm trying to access my college intranet form home and I get a dialog box called "windows security". It asks for a username and password. I've never set up a username or password. I've been onto internet setting>security and enabled "automatic
    logon with current username and password", this did not work. Please help, I really need to get onto the site!

    trying to access my college intranet form home
    Contact your college network support.  The syntax for specifying your authentication may be different than you usually use when you are just connecting there locally.
    Robert Aldwinckle

  • Access to InitialContext by username and password

    hi,
    I have implemented a web application, which gets resources via JNDI.
    I am accessing JNDI by username and password:
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
    p.put(Context.PROVIDER_URL, "localhost:50004");
    p.put(Context.SECURITY_PRINCIPAL, "username1");
    p.put(Context.SECURITY_CREDENTIALS, "password1");
    javax.naming.Context ctx = new InitialContext(p);
    Accessing the InitialContext works without any problems.
    My webapplication provides the functionality, that the user can relogin within the application.
    When the user pushes the relogin-button, the following code is run again
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, guiConfig.getContext_factory());
    p.put(Context.PROVIDER_URL, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
    p.put(Context.SECURITY_PRINCIPAL, "username2");
    p.put(Context.SECURITY_CREDENTIALS, "password2");
    javax.naming.Context ctx = new InitialContext(p);
    So I would like to check the access to JNDI by username and password again.
    Unfortunately I get an InitialContext EVEN WHEN MY PASSWORD IS WRONG.
    It looks like InitialContext is not cleared and access to JNDI is not checked by username and password again.
    Do I have to clear InitialContext before I relogin to the new InitialContext with the new username and new password; and if yes how can I do that?
    Thanks for your help in advance!
    Andreas
    Message was edited by: Andreas Putscher

    Hi Maksim
    I have tried the following source (within my webapplication):
    boolean isOldMethod = true;
    if (isOldMethod) {
         Properties p = new Properties();
         p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
         p.put(Context.PROVIDER_URL, "localhost:50004");
         p.put(Context.SECURITY_PRINCIPAL, username);
         p.put(Context.SECURITY_CREDENTIALS, password);
         ctx = new InitialContext(p);
    } else {
         ctx = new InitialContext();
         ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
         ctx.addToEnvironment(Context.PROVIDER_URL, "localhost:50004");
         ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
         ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
    Source code within on of my EJBs:
         public void setSessionContext(SessionContext context) {
              this.context = context;
    public UserAuthorization getUserProfile(String userName, String applicationName) throws CasablancaException {
         Principal prin = context.getCallerPrincipal();
    When I run oldMethod for INITIAL LOGIN and username+password are false,
         - immediately an exception is thrown
         -> THIS IS CORRECT BEHAVIOUR
    When I run newMethod for INITIAL LOGIN and username+password are false,
         - no exception is thrown,
         - context.getCallerPrincipal() returns "Guest" (I have logged in with user "TESTUSER", who is Adminstrator)
         -> WRONG BEHAVIOUR
    When I run oldMethod for RELOGIN and username+password are false,
         - no exception is thrown
         - context.getCallerPrincipal() return the old user (Context HAS NOT CHANGED to new user)
         -> WRONG BEHAVIOUR
    When I run newMethod for RELOGIN and username+password are false,
         - no exception is thrown
         - context.getCallerPrincipal() return the old user (Context HAS NOT CHANGED to new user)
         -> WRONG BEHAVIOUR     
    So in both cases (oldMethod and newMethod) no errors are thrown, but no Relogin to JNDI is performed.
    Do you have any more suggestions?
    Thanks for your help!
    Andreas

  • TS1702 How do change the old Apple ID username and password to the updated username and password for the apps store?

    How do you change the old Apple ID username and password to the updated username and password in order to get updated apps from the app store?

    cbkitche wrote:
    How do you change the old Apple ID username and password to the updated username and password in order to get updated apps from the app store?
    Do you mean you kept the same account but you only updated your AppleID?
    Just log out and log back in with new ID.
    Note that the AppleID is embedded into the item at purchase and cannot be changed.
    However, when you change your AppleID, it will link the old account name to the new account name so you will not have any problems updating apps using the new AppleID.

  • How can I change the admin username and password

    how can I change the default admin adminadmin username and password for the server

    What version of Creator are you use?
    In Creator 2 Update 1, using Application Server version 8.2, you can do the following..
    1) Log into the Admin Console using the default UID/PWD
    2) Expand the tree view by following this path:
    Application Server > Configuration > Security > Realms > admin-realm
    3) Click on "Manage Users"
    4) Click on the UserID "admin"
    5) enter the new password that you would like
    6) Click on the "Save" button on the upper right side of the page.
    That should do it for you.
    Good luck

  • When trying to convert a pdf file into a word doc, i only get the graphics but not the text. How do i remedy this?

    When trying to convert a pdf file into a word doc I only get graphics but no text. What to do?

    Hey hamsa142,
    I think you are converting a scanned PDF to word.
    You might need to run OCR first to make the text recognizable and then convert it to word.
    Regards,
    Anubha

Maybe you are looking for

  • XFCE Keyboard Layout applet not working after latest xorg update..

    Is this a bug in the xorg update or most the kbd layou be reompiled or? I am not able to swtich between my two kbd layouts anymore.. Downgrading the org packages made it work again but I guess that's not a long term solution... Regards, BTJ

  • ITunes will not open my iPod

    Ok so every time I open iTunes and connect my iPod video it comes up with a error saying "The software required for communicating with the iPod is not installed correctly. Please reinstall iTunes to install the iPod's software." I used the guide abou

  • Migration w/ Reincarnation?

    I'll need to cleanly migrate to a replacement HD at some point but-- In the last 2 attempts, my standard apple OS dictionary ap has remained corrupted. I posted a question months ago without getting a working solution. In each migration attempt on SL

  • Applescript to print a .doc file using TextEdit with print dialog.

    I want to print a pdf file using TextEdit . I want to display the print dialog before doing the print operation. Can any one help me with apple scripts to perform this operation. We tried to use this script; but when I click Cancel on print dialog. I

  • video -Tag in fluid grid

    I'm building a site using fluid grids in Dreamweaver. When adding a video with the HTML5-video-Tag an the video.js-Player, it isn't possible to get the video automatically resizing when changing the window size. Adding <video style="max-width: 100%;