I should give a little background as to why I am doing this.

My wife and I post family pictures and house pictures on the web. My wife also goes on talkers and makes a lot of friends. She only gives out the webpage to friends but sometimes others get it, and then harass her.

We are about to move into our new house, and when we do, she is going to drop the external website and use the Server that I am putting together.

Family members will have a redirection site to get to the pages, but others will have the direct site.

Here is how the direct site works. When my wife gives out the site to someone, she goes to a page that only allows access from the localhost:).

• She Enters the person's First and Last name (could be an alias)
• She enters the person's email address
• She enters the person's current ip address
• She enters a timeout (15 mins to 30 mins).

What do yall think? Is is too paranoid?

What do yall think? Is is too paranoid?

No, but your approach sounds like a royal pain-in-the-ass, and has a few rough edges to it, like "She enters the person's current ip address". How does she know? Does she rely on them knowing? How do they know? What happens when they're coming in through a proxy server (e.g., AOL) that might change IP addresses between page fetches? Yuck, yuck, yuck.

I think you'd be better off setting up password protection for the directory. Augment it with some side bookkeeping so that you can expire users, or preallocate a number of users and hand them out on demand.

Or, if you don't want people to even know that there's a hidden page somewhere. provide a page with an unlabeled "password" box. Provide a one-time (or time-bound) password, and be "redirected" to dynamic content. Then, all your wife has to do is hand out passwords.

It is a royal pain in the ass. The fact of the matter is, nothing is to much of a pain in the ass to keep unwanted people out. and away from my babies (see two of the three here krisahoch

The people that she would give it out to are on a program called an EW-Too based talker (Resort, Central Perk), where typing the command 'x me' will display their IP address.

She and I are in agreement, that if they can't see the website, then Oh well.

I really like that idea about the passwords though. Thank you for the suggestion, I'll probably use it.

Kristofer

This all seems like far too much work. Just put the webpages at

http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture1.jpg
http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture2.jpg
http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/picture3.jpg
...
[download]

and then tell them to go to http://yourserver/~youruser/hidden/SOMESECRETWORDOFTHEDAY/. As long as there's an index.html at hidden (even as simple as I've got at http://www.stonehenge.com/pic/, which is my personal version of this), there'll be no listing of the contents, so no way to determine what the secret word of the day is. Change the SOMESECRETWORDOFTHEDAY frequently, and you control exactly how long someone can be out of touch with you and still see the page.

-- Randal L. Schwartz, Perl hacker