Re: Access Authorization

Larry Masinter <masinter@parc.xerox.com>
To: cailliau@cernnext.cern.ch
Cc: marca@ncsa.uiuc.edu, www-talk@nxoc01.cern.ch, ari@cernnext.cern.ch
In-reply-to: cailliau@cernnext.cern.ch's message of Fri, 17 Sep 1993 09:49:12 -0700 <9309171649.AA00908@www2.cern.ch>
Subject: Re: Access Authorization
From: Larry Masinter <masinter@parc.xerox.com>
Sender: Larry Masinter <masinter@parc.xerox.com>
Fake-Sender: masinter@parc.xerox.com
Message-id: <93Sep17.102214pdt.2794@golden.parc.xerox.com>
Date: 	Fri, 17 Sep 1993 10:22:03 PDT
Status: RO
If you just want to keep honest people out, then don't hack up the
protocol just to do it -- it isn't necessary. All you need is to put
the web under some directory /secret/ and add a 'query' page where you
have to type in 'secret' in order to get access to those files.

Actually, what is probably more effective and simpler is to add a
<H1>PRIVATE: This information is for use of members of the FOO project
Only. All other use is unauthorized.</H1>.

I bet you could fix up a server to just add the header automatically
to any files that were in a given directory.