#1
  1. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    3
    Rep Power
    0

    Unauthenticated access to private web site - How to implement?


    I run a completely private website for my small service business. Any visitor/request to homepage immediately gets login/password prompt.
    There's no option to register - I distribute login/password to legitimate users myself in advance.

    I've been talking to a prospective new client company now. Next week, I'll have a first decisive meeting with their ultimate decision maker, CEO. He wants to evaluate me, and having him look at my (private) website could help. However, my friend-insider in that company suggests that CEO will not bother entering login/password while he could possibly click on a link to view the site.

    I can think of one way of giving CEO unauthenticated access to my private site:
    Create a copy of the site in another (unprotected) directory on the server and give him the link to it to click on. Theoretically, anyone would be able to access this copy of the site without authorization, but in practice it seems extremely unlikely.

    It seems that this approach would work. I still have to figure out how to give open access to a subdirectory
    /var/www/some_password/
    of the site's root directory
    /var/www
    which is protected and requires authentication to access.
    But maybe there exist better approaches to achieving this objective?

    Alternatively, creating a link for the CEO, upon clicking on which my webserver would receive the same signal as if CEO was sending his login/password would be nice. If this is feasible, it would be great to know how to implement it.

    I couldn't find any info on this on the web at all. If you can refer to any resources, thanks in advance!

    PS. I have full controll/access to any level of my site's and webserver (nginx) administration - I don't outsource anything.
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    If you're using basic HTTP authentication you can put the username and password into the URL:

    http://username:password@hostname/path
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
  5. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by E-Oreo
    If you're using basic HTTP authentication you can put the username and password into the URL:

    http://username:password@hostname/path
    Yes, exactly! - I've just figured this out. Thread is solved.

    Would the same approach work with Digest Authentication?
  6. #4
  7. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    3
    Rep Power
    0
    Here's more discussion on this topic:
    linuxforums.org/forum/security/194351-access-private-web-site-without-login-password-how-implement.html

IMN logo majestic logo threadwatch logo seochat tools logo