PDA

View Full Version : Password protect/key generator for secure server access




disconap
Feb 8, 2006, 08:38 AM
Hey Mac webbers. I have a bizarre request; we would like to create 1000 randomly generated passwords for access to a folder on our server, and we would like each password to work for only three access attempts. I honestly have no clue how to go about this; any advice/links/people offering to explain it step by step/etc?



superbovine
Feb 9, 2006, 02:50 AM
Hey Mac webbers. I have a bizarre request; we would like to create 1000 randomly generated passwords for access to a folder on our server, and we would like each password to work for only three access attempts. I honestly have no clue how to go about this; any advice/links/people offering to explain it step by step/etc?


ok what kind of server is it?

disconap
Feb 9, 2006, 08:01 PM
I believe it's apache; we are hosted by Dreamhost (www.dreamhost.com)...

Mitthrawnuruodo
Feb 9, 2006, 08:05 PM
Do you have a mysql server running... and do you know basic php/mysql...?

disconap
Feb 9, 2006, 08:07 PM
Yes and yes, I believe we have unlimited databases as well.

Mitthrawnuruodo
Feb 9, 2006, 08:19 PM
This is just my first thought. Very rough outline:

Make a db with a table containing 2 fields:
password tinytext
used tinyint default 0

Make a quick and dirty random generator, something along these lines, and insert the passwords in the table:
$alphanum = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '2', '3', '4', '5', '6', '7', '8', '9');
$chars = sizeof($alphanum);
$passwordlenght = 6;
$a = time();
mt_srand($a);
for ($i=0; $i<$passwordlength; $i++) {
$randnum = intval(mt_rand(0, $chars));
$password .= $alphanum[$randnum];
}

Then make a login to the folder, and when a certain password is used add 1 to the "used" field in the table. When the maximum is reached, in your case 3, the password is no longer valid.

disconap
Feb 9, 2006, 10:17 PM
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...

superbovine
Feb 10, 2006, 12:20 AM
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...


you need to either learn php/mysql or hire someone. you are in over your head.

Mitthrawnuruodo
Feb 10, 2006, 07:45 AM
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...
you need to either learn php/mysql or hire someone. you are in over your head.superbovine may have a point. It's fairly easy to take the above mentioned code and put it in a for loop and insert as many passwords as you want into the table...

disconap
Feb 10, 2006, 01:35 PM
you need to either learn php/mysql or hire someone. you are in over your head.

I'm not in over my head, as I'm not doing anything yet. I've tried to find someone or hire someone, nobody is responding and it's been a week, so I decided to start asking for help since we're under deadline. This is also why I asked for "advice/links/people offering to explain it step by step/etc", to get an idea of where to start...

disconap
Feb 10, 2006, 01:39 PM
superbovine may have a point. It's fairly easy to take the above mentioned code and put it in a for loop and insert as many passwords as you want into the table...

Thank you for the help on both counts. I'm looking at more in-depth PHP tutorials over the weekend, so hopefully I'll be able to sort all this out. :)

superbovine
Feb 10, 2006, 01:45 PM
I'm not in over my head, as I'm not doing anything yet. I've tried to find someone or hire someone, nobody is responding and it's been a week, so I decided to start asking for help since we're under deadline. This is also why I asked for "advice/links/people offering to explain it step by step/etc", to get an idea of where to start...

http://rentacoder.com

you can write out your specs and ppl with will bid on the job. The reason I saw that is, just trying to hack something together of people direction without really knowing what is going on isn't to wise because you are dealing with security. You are going to be the one getting hacked. This is why I recommended hiring someone that knows what they are doing. Knowing how to secure a website and avoid things like SQL Injection exploits probably takes a bit a knowledge that you just won't get off a tutorial. Granted probably someone a rentacoder won't know it either, but they had a better shoot a making it secure.

disconap
Feb 10, 2006, 01:51 PM
http://rentacoder.com

you can write out your specs and ppl with will bid on the job. The reason I saw that is, just trying to hack something together of people direction without really knowing what is going on isn't to wise because you are dealing with security. You are going to be the one getting hacked. This is why I recommended hiring someone that knows what they are doing. Knowing how to secure a website and avoid things like SQL Injection exploits probably takes a bit a knowledge that you just won't get off a tutorial. Granted probably someone a rentacoder won't know it either, but they had a better shoot a making it secure.

That makes a bit more sense, then, as I hadn't really considered the security issues involved with SQL. I'm not too bothered if people can hack the passwords to get access to the files; it's free content anyway, so if someone earns it, they get it, I don't really care. But there are other security risks, I'm sure...

Mitthrawnuruodo
Feb 10, 2006, 01:56 PM
php.net (http://www.php.net/) is a very good source if you want to try learning a bit more php. Highly recommended.

And, unless you have state secrets in there a pretty basic login scheme should be adequate... ;)

disconap
Feb 10, 2006, 02:06 PM
php.net (http://www.php.net/) is a very good source if you want to try learning a bit more php. Highly recommended.

And, unless you have state secrets in there a pretty basic login scheme should be adequate... ;)


Heh. Yeah, it's probably going to be on a url that is currently redirect anyway, so the only access they will have is to the downloadable content. The only worry that Superbovine has now brought up is that I've heard people talk about how PHPbb boards using SQL that have been hacked have caused problems in other parts of servers, though I've never heard anyone say that that has happened to them. Urban legend?

disconap
Feb 10, 2006, 03:36 PM
Again, thank you both for your input. And Mitthrawnuruodo, check your PMs. :)