However you did it, you'd also need to use a "no follow" command for robots, plus exclude the pages from on-site searches. Since on-site searches also hook into Google search (eventually), you probably could not have an on-site search engine. Since it wouldn't be password protected, the info *could* still be found regardless of how much you try to hide it.

Heck, even supposed "password protected" sites show up in Google if a user searches well enough. I can't tell you how many professional journal articles I've found by using a combination of search words -- when these articles are on a for-fee password protected site. I can read that article... but can't go back through the site to access other articles. The only way I found the items was that somehow they got into Google.

The other thing to remember is Google also indexes image files. I can't count how many times I searched for free pictures or graphics (by searching for a description e.g. name -- not just by searching on "free graphics"), and I ended up in a person's internal web directory -- even on personal or university sites. Once a user is in the parent directory, they can access every page and image by just clicking down through the folders. Try picking a word -- like tom.jpg or sunset.jpg or other words and you can find someone's parent directory. Naming images oddly helps (like "n.jpg" or "1.jpg"), but anyone could pick random combinations of letters/numbers and still possibly find the image. Even if you don't find an exact match, you'll still find files that have part of the letters you requested -- searching for 1.jpg gets any file that ends with 1.jpg, like king-1.jpg or king_1.jpg.

Personally, if something is so important or private to password it, I'd invest in a dot com site so I could control the content. RW just doesn't allow us that level of control.
Judy

On 6/14/07, John Slaughter <[email protected]> wrote:

> Dick,
> Unless the rules have changed, Rootsweb does not allow password protected areas of a site. No, you can't use .asp.
> I have read some HTML that will do what you want. Can't remember where they are right now. I think you can find them using Google. An option that would work is to put an index.html page in that is basically a dummy. Then, create your real index page, with a different name and give that page to those people you want to authorize.
>
> John Slaughter
> In loving memory of our son, Brennan. 11/10/88-5/31/01.
> http://john-slaughter.rootsweb.com/Brennan.html
>
> MA-Bay-Colony list moderator
> USGenWeb County Coordinator
> Essex County, MA - http://www.rootsweb.com/~maessex
> Middlesex County, MA - http://www.rootsweb.com/~mamiddle
> USGenWeb Town Coordinator Ipswich, Essex, MA - http://www.rootsweb.com/~macipswi
>
> >From: "Dick Rose" <[email protected]>
> >Reply-To: [email protected]
> >To: "Rootsweb-help" <[email protected]>
> >Subject: [ROOTSWEB-HELP] Member Login Capability on Websites
> >Date: Thu, 14 Jun 2007 08:03:34 -0400
> >
> >Please advise whether any of you are familiar with coding which would accept a login and comparison to a validity database to have a portion of a Rootsweb website viewable only to valid members.
> >
> >Are .asp pages acceptable on Rootsweb?
> >
> >Dick Rose
Judy Florian wrote:

> Once a user is in the parent directory, they can access every page and image by just clicking down through the folders. Try picking a word -- like tom.jpg or sunset.jpg or other words and you can find someone's parent directory. Naming images oddly helps (like "n.jpg" or "1.jpg"), but anyone could pick random combinations of letters/numbers and still possibly find the image. Even if you don't find an exact match, you'll still find files that have part of the letters you requested -- searching for 1.jpg gets any file that ends with 1.jpg, like king-1.jpg or king_1.jpg

Judy,
I don't know your background, but you are making some blanket statements about both password protection and server protections that are not 100% applicable.

Most server software I've encountered does not permit parent directory access as you mention. I think what you found is a very small minority. I could be wrong, but I don't believe you can use Google to do this in very many cases. Think of how much insecurity this would make for government and financial sites if it was true. I could go to a bank's site, get the image name for their logo, and then bypass their password scheme by searching Google until I found a page in their password protected sections with that logo on it, and then get into their parent directory - don't think so - I believe that there is much more security than that!!!!!

I also experimented using the bypass scheme you mentioned and it didn't work for the particular password protected site elements I have used in the past. This could be because of certain <META> tags I found a recommendation to use or not, I don't know. All I know is that I searched using some very unique image names, and Google returned nothing to reveal them on protected pages, so I guess what I used some years ago is working.

NOW, all listers, please do not ask me for details on how all this works.

Jeff Owens
First, I was not meaning a bank or high profile company where password encryption is high and security tight. However, I intended to compare how "security" can have different levels. Rootsweb *webpages* and their Freepages seem to share about the same security of many university webs or professional journal websites, for example, where certain areas are "member only."

I don't understand HOW some of the "member only" folders or pages get into Google, but they do. For example, let's say I find the professional article "Protein in Renal function" in Google, go to the article, and then know the title, author, volume, year, etc. I then go to the main page of the same article-for-a-fee website and use that info to search for the article. I get the page saying 'we got it, now pay $18.00 to read it.' For whatever reason(s), I already found it and read it on the same site just through searching on Google.

All I was trying to point out was if something gets into Google, it can be found. Since RW offers us nothing to protect our pages, chances are higher that some will get into Google too. Even if a "small minority" on other sites, I think chances are high that a RW webpage or Freepage webpage could be found even if a webmaster tried to "hide" a page or a section. That's all I was trying to point out.

Judy

On 6/14/07, Jeff Owens <[email protected]> wrote:

> Judy,
> I don't know your background, but you are making some blanket statements about both password protection and server protections that are not 100% applicable.
>
> Most server software I've encountered does not permit parent directory access as you mention. I think what you found is a very small minority. I could be wrong, but I don't believe you can use Google to do this in very many cases. Think of how much insecurity this would make for government and financial sites if it was true. I could go to a bank's site, get the image name for their logo, and then bypass their password scheme by searching Google until I found a page in their password protected sections with that logo on it, and then get into their parent directory - don't think so - I believe that there is much more security than that!!!!!
>
> I also experimented using the bypass scheme you mentioned and it didn't work for the particular password protected site elements I have used in the past. This could be because of certain <META> tags I found a recommendation to use or not, I don't know. All I know is that I searched using some very unique image names, and Google returned nothing to reveal them on protected pages, so I guess what I used some years ago is working.
>
> NOW, all listers, please do not ask me for details on how all this works.
>
> Jeff Owens
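
An added example, not from any of the posters: a local check of a site folder before upload for the two exposures raised in this thread, namely folders with no index page (which a server with automatic directory listings turned on would show in full) and HTML pages with no robots `noindex` meta tag. The folder layout, file names and the `INDEX_NAMES` set are constructed assumptions; whether listings are actually shown depends on the server, and neither check amounts to access control.

```python
import os
import tempfile
from html.parser import HTMLParser
INDEX_NAMES = {"index.html", "index.htm"}  # assumed default index file names

class RobotsMeta(HTMLParser):
    """Collects the directives of every <meta name="robots"> tag."""
    def __init__(self):
        super().__init__()
        self.directives = set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}

def audit(root):
    """Return (folders with no index page, HTML pages with no noindex tag)."""
    listable, indexable = [], []
    for folder, _dirs, files in os.walk(root):
        rel = os.path.relpath(folder, root)
        if not INDEX_NAMES & {f.lower() for f in files}:
            listable.append(rel)  # shown in full if the server auto-lists folders
        for name in files:
            if name.lower().endswith((".html", ".htm")):
                parser = RobotsMeta()
                with open(os.path.join(folder, name), encoding="utf-8", errors="replace") as fh:
                    parser.feed(fh.read())
                if not parser.directives & {"noindex", "none"}:
                    indexable.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(listable), sorted(indexable)

def build_sample(root):
    """Constructed site: dummy index, unlinked 'real' page, two bare folders."""
    pages = {
        "index.html": "<html><head><title>Dummy</title></head></html>",
        "members-real.html": '<html><head><meta name="robots" content="noindex, nofollow"></head></html>',
        "images/sunset.jpg": "",
        "private/list.html": "<html><body>member list</body></html>",
    }
    for path, body in pages.items():
        full = os.path.join(root, path)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample(site)
        print(audit(site))
```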