Quote:
"search engines may not like these dynamic URLs (Rewrite rule may needed)" is not a disadvantadge, as this is a protected directory so search engines should not be allowed in.
Yes, this is true.
Quote:
I don't think Method 2 would work. You say that if a user goes to /protected/dir/ then they get redirected to protect.cgi and then redirected to page.cgi?g=dir. Well if your authorization is only in protect.cgi, what's stopping a user from bypassing that and going straight to page.cgi? You'd be much better off putting the authorization code in page.cgi, and then use rewrite to rewrite /protected/dir/ to page.cgi?g=dir.
Note, that some users suggested to avoid .htaccess usage because server dependency. Rewrite rule is also Apache dependent...
My suggested 2/b) solution avoids server dependent solutions, and the meta redirect helps us having firendly URLs when/if the user types the URL.
You are right, in 1st redirect case there is a bug, I forgot the SID parameter, which identifies the user session.
This is the correct example:
1 | /pages/Computers/Printers | /cgi-bin/lsql/page.cgi?g=/Computers/Printers&SID=8734874387&d=1 Quote:
You'd be much better off putting the authorization code in page.cgi
Yes, it's possible to implement the authorization right into page.cgi using a plugin (to avoid need of separate protect.cgi).
Quote:
Method 3 can be accomplished much simpler by just using method 1 and a rewrite rule:
RewriteRule /protected/(.*) /cgi-bin/protect.cgi?page=$1 [L]
and have protect.cgi authenticate the user and then output the requested html. This way you aren't maintaining a bunch of empty html pages with nothing but an ssi include in them.
We were talking about avoiding the server dependent solutions if possible.
Your suggested rewrite rule is really great if we use Apache. Really elegant solution.
But if we don't have Apache, the solution is to use method 3) with SSI (as long the webserver supports SSI and has enabled).
Anyway, there were several solutions listed in this thread, depending on following needs:
-
Server:
Apache dependent or
server independent solution
-
Page display method:
Static or
Dynamic -
URL lookout:
Clean or
Difficult to read I tried to take into consideration the above listed needs, and my suggested solutions shows that diversity. Of course, knowing the exact resources we have, we can limit to the best one solution.
Best regards,
Webmaster33
Paid Support from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...