Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Password protect/key generator for secure server access

disconap

disconap

macrumors 68000
Original poster
Oct 29, 2005
1,810
3
Portland, OR
Hey Mac webbers. I have a bizarre request; we would like to create 1000 randomly generated passwords for access to a folder on our server, and we would like each password to work for only three access attempts. I honestly have no clue how to go about this; any advice/links/people offering to explain it step by step/etc?
 
disconap said:
Hey Mac webbers. I have a bizarre request; we would like to create 1000 randomly generated passwords for access to a folder on our server, and we would like each password to work for only three access attempts. I honestly have no clue how to go about this; any advice/links/people offering to explain it step by step/etc?
Click to expand...


ok what kind of server is it?
 
This is just my first thought. Very rough outline:

Make a db with a table containing 2 fields:
Code: 
password tinytext
used tinyint default 0

Make a quick and dirty random generator, something along these lines, and insert the passwords in the table:
PHP: 
$alphanum = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '2', '3', '4', '5', '6', '7', '8', '9');
$chars = sizeof($alphanum);
$passwordlenght = 6;
$a = time();
mt_srand($a);
for ($i=0; $i<$passwordlength; $i++) {
    $randnum = intval(mt_rand(0, $chars));
    $password .= $alphanum[$randnum];
}

Then make a login to the folder, and when a certain password is used add 1 to the "used" field in the table. When the maximum is reached, in your case 3, the password is no longer valid.
 
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...
 
disconap said:
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...
Click to expand...


you need to either learn php/mysql or hire someone. you are in over your head.
 
superbovine said:
disconap said:
Is there a script to place the passwords in the table, or do I need to manually insert all 1000? Otherwise, that looks pretty tight, I'll try it out...
Click to expand...
you need to either learn php/mysql or hire someone. you are in over your head.
Click to expand...
superbovine may have a point. It's fairly easy to take the above mentioned code and put it in a for loop and insert as many passwords as you want into the table...
 
superbovine said:
you need to either learn php/mysql or hire someone. you are in over your head.
Click to expand...

I'm not in over my head, as I'm not doing anything yet. I've tried to find someone or hire someone, nobody is responding and it's been a week, so I decided to start asking for help since we're under deadline. This is also why I asked for "advice/links/people offering to explain it step by step/etc", to get an idea of where to start...
 
Mitthrawnuruodo said:
superbovine may have a point. It's fairly easy to take the above mentioned code and put it in a for loop and insert as many passwords as you want into the table...
Click to expand...

Thank you for the help on both counts. I'm looking at more in-depth PHP tutorials over the weekend, so hopefully I'll be able to sort all this out. :)
 
disconap said:
I'm not in over my head, as I'm not doing anything yet. I've tried to find someone or hire someone, nobody is responding and it's been a week, so I decided to start asking for help since we're under deadline. This is also why I asked for "advice/links/people offering to explain it step by step/etc", to get an idea of where to start...
Click to expand...

http://rentacoder.com

you can write out your specs and ppl with will bid on the job. The reason I saw that is, just trying to hack something together of people direction without really knowing what is going on isn't to wise because you are dealing with security. You are going to be the one getting hacked. This is why I recommended hiring someone that knows what they are doing. Knowing how to secure a website and avoid things like SQL Injection exploits probably takes a bit a knowledge that you just won't get off a tutorial. Granted probably someone a rentacoder won't know it either, but they had a better shoot a making it secure.
 
superbovine said:
http://rentacoder.com

you can write out your specs and ppl with will bid on the job. The reason I saw that is, just trying to hack something together of people direction without really knowing what is going on isn't to wise because you are dealing with security. You are going to be the one getting hacked. This is why I recommended hiring someone that knows what they are doing. Knowing how to secure a website and avoid things like SQL Injection exploits probably takes a bit a knowledge that you just won't get off a tutorial. Granted probably someone a rentacoder won't know it either, but they had a better shoot a making it secure.
Click to expand...

That makes a bit more sense, then, as I hadn't really considered the security issues involved with SQL. I'm not too bothered if people can hack the passwords to get access to the files; it's free content anyway, so if someone earns it, they get it, I don't really care. But there are other security risks, I'm sure...
 
php.net is a very good source if you want to try learning a bit more php. Highly recommended.

And, unless you have state secrets in there a pretty basic login scheme should be adequate... ;)
 
Mitthrawnuruodo said:
php.net is a very good source if you want to try learning a bit more php. Highly recommended.

And, unless you have state secrets in there a pretty basic login scheme should be adequate... ;)
Click to expand...


Heh. Yeah, it's probably going to be on a url that is currently redirect anyway, so the only access they will have is to the downloadable content. The only worry that Superbovine has now brought up is that I've heard people talk about how PHPbb boards using SQL that have been hacked have caused problems in other parts of servers, though I've never heard anyone say that that has happened to them. Urban legend?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back