Better support for PW protected directories

[hcacree]

I've been managing a website for a professional group for a while. For now It's been pretty much one-way with just static pages.

However now I'd like to have a public and private web pages. For instance I want to mail out a newsletter (150/month) and have folks in my chapter register for a monthly dinner. Both require me to store all of the member's e-mail addresses. I've been dragging my feet on these changes in part because the whole security thing about having all of their e-mail addresses gives me the willies.

Password protecting directories with Cpanel seems to have good security so far as I can tell, but there isn't any user password change, or PW reset. I'd be willing to type in all the valid e-mail address (IDs) to start. I know who the group members are. But with about 100 members I just don't think that I could mange PW resets effectively through Cpanel.

It seems to me that HG could offer an (extra?) service where they take over the security for the password protected directories. Then I could just assume (yea I know what ass-u-me stands for...) that anyone who could get through to my password protected directories could/would/should be able to use the forms with database access that I have in those directories. My users are good guys who wouldn't fiddle around with hacking thhe system. It just seems to me that HG could set this PW protection on the directory level better than I could with some swipped PHP scripts and a mySQL database.

Good security would seem to help a lot to prevent sites from getting hacked.

[slapshotw]

I voted no. There's plenty of CMSes with user control, and no reason for HG to take on another responsibility they're not going to be able to specialize in (especially one for which so many other solutions exist).

[Dwight]

Quote:

Originally Posted by slapshotw

I voted no. There's plenty of CMSes with user control, and no reason for HG to take on another responsibility they're not going to be able to specialize in (especially one for which so many other solutions exist).

I agree. That's a function of the webmaster/designer, not the hosting company. Plenty of scripts that do what you want.

[gwyneth]

In this case "better support" means implementing new applications and devoting a lot of resources.

Why don't you search sourceforge.net for "membership" or "access control"--you'll probably find dozens of open source apps that would do what you want.

[hcacree]

Agreed, I can find dozens. I have no idea how secure any of the scripts are however. I don't any idea which ones the developer is still monitoring the security of the scripts.

I am seriously studying "upgrading" to a CMS now. Probably go to Joomla! just because of popularity.

But more hospital PW control of directories would be a nice intermediate step in my mind.

HostGator already has a dialog box that does PW control. All I want is a "forgot password" which would send PW in e-mail to user holding ID.

[Koni]

Quote:

Originally Posted by hcacree

Agreed, I can find dozens. I have no idea how secure any of the scripts are however. I don't any idea which ones the developer is still monitoring the security of the scripts.

I am seriously studying "upgrading" to a CMS now. Probably go to Joomla! just because of popularity.

For one of my sites, I had the need for secure, members only areas and looked for a long time to find a suitable solution, free and paid types. Looked into CMSs as well.

For this particular site, I concluded that a CMS was overkill for what was needed. Besides, the site was well established with a ton of "pages" that would need to be converted.

Finally chose to use a program called "PHP Membership Manager Login Script" which turned out to fit the bill perfectly!!

It has many of the features you are looking for. You may want to check it out to see if it has all of the features you want. It is a paid program with good support and it has definitely been worth it.

If nothing else, it might be a good "intermediate" solution.

[hcacree]

Kmoi,
That tool looks good and its ownly $20. How much trouble could it be for hostgator to duplicate it? HG can either spend time restoring sites that aren't as well protected as the owener thought the site was, or HostGator can improve security.

[skeetr]

Hostgator has their servers protected. Thats their job.

If you build websites, then protecting the website is your job.

Just like it is not HG's responsibility to make sure that your website is running correctly, it is not their responsibility to make sure that your websites are protected.

If you want to have your websites protected, then protect them. If you want to make sure that the server is protected, contact HG and they will make sure they are protected.

Its really simple....keeping WEBSITES password protected, is YOUR responsibility.

Sorry to be blunt, but it doesnt seem like you are understanding HG's responsibility within YOUR website. They really dont have any.

[hcacree]

Understand that it is not HostGator's responsibility, but I bet they get involved in a lot of crisises where the PHP scripts that were cut and pasted weren't as secure as the web siter owner thought they were....

I'm a project manager. I wrote my first FORTRAN program with a card deck in 1971. But it doesn't bother me at all to point out that HostGator has a lot smater programmers than I.

I know that I can't protect my PC, so I buy Norton products. I'd gladly pay HostGator the $20 for the code if they would keep it updated. I don't live and breath security. I'm trying to deliver content to my chapter on my website, I'm not trying to prove what a good PHP programmer am I.

Seems like we're having a violent agreement. I'd absolutely agree that HostGator's servers are better protected than my website. That is why I think they are in a good position to help me with the security on my website.

I'm not worried about my webpages. I'm worried about the e-mail addresses of my Chapter Members. I have my site backed up. Both site backups, and backups of my development enviroment (harddrive & CDs).

HostGator itslef is a target. I'm sure that there are numb numbs out there trying to break into HostGator websites to attack the server, and the server complexes. Don't you get it? If they crack my site, yours is at more risk too.

I understand that HostGator can't be responsible for the security of all of tools out there. but I'd sure like their help locking the front door better. I guess in part, I'm in a fortunate situation. I'm hosting a site for a local chapter of a national organization. I KNOW who my members are. I see them frequently.

Even if I install Joomla!, keeping the security patches up to date is my responsibility. I read the T&Cs. I'd rather lock Joomla! away rather than rely on Joomla! security.

[slapshotw]

Quote:

Originally Posted by hcacree

HostGator already has a dialog box that does PW control. All I want is a "forgot password" which would send PW in e-mail to user holding ID.

Just as an FYI, this isn't something Hostgator developed. It's a standard part of Apache. All the cPanel tool does is add a line to your .htaccess to allow this.

[skeetr]

Quote:

Originally Posted by hcacree

I understand that HostGator can't be responsible for the security of all of tools out there. but I'd sure like their help locking the front door better.

Well if thats all you want, then why dont you ask them? Or have you?

I dont think this is getting violent at all. If you feel I am, then I apologize because I am not upset in the least.

I would imagine that HG would do pretty much the same thing as the other "cut & paste" scripts that you find out in cyberworld. Personally, I dont think you would have a problem.

My last 2cents worth.