Sometimes it's useful to be able to create hidden pages, which can be seen by only a subset of people. Hidden pages have a variety of applications. Here are some:
There are, no doubt, sophisticated ways of creating hidden pages using web server configurations. I've bumped into a few webs that appear not to be accessible from outside the subnet that serves them. These mechanisms can provide a high degree of security. However, a simpler mechanism that employs Unix file protections can be used to create a simpler, more flexible system.
Note: The following discussion assumes that your web is being served by a Unix machine. If it isn't, the principles may still apply, but the details will be different.
Every file in the file system (on the Unix machine that is serving your web) has a set of file protections. You can see these by logging in to the system and giving the Unix shell command "ls -la". Here's an example of the directory listing for some of the files in this Webhints web.
total 1240
-rw-r--r-- 1 ross users 5113 Dec 8 16:34 background_roll.html
-rw-r--r-- 1 ross users 3417 Dec 8 16:34 background_single.html
-rw-r--r-- 1 ross users 4386 Dec 8 16:34 backgrounds.html
-rw-r--r-- 1 ross users 3348 Dec 8 16:34 bars.html
-rw-r--r-- 1 ross users 4641 Dec 8 16:34 bars_homegrown.html
drwxr-xr-x 2 ross users 512 Dec 8 16:35 bin
drwxr-xr-x 2 ross users 5120 Dec 8 16:39 binlib
-rw-r--r-- 1 ross users 4789 Dec 8 16:39 binlib_backgrounds.html
-rw-r--r-- 1 ross users 4722 Dec 8 16:39 binlib_bars.html
The letters on the left are the protections and take the form:

protection = type prot prot prot    ! Type, User, Group, Other
type       = "-" | "d"              ! "-" for file, "d" for directory.
prot       = read write execute     ! Examples: "r--" or "rw-"
read       = "r" | "-"              ! "r" for readable. "-" for non-read.
write      = "w" | "-"              ! "w" for writeable. "-" for non-write.
execute    = "x" | "-"              ! "x" for executable. "-" for non-exe.

Thus,
drwxr--r--
means that the file is a directory file, that it can be read, written, and "executed" by its owner, but that it can only be read by those in the same group, and by others.
The above is really just a refresher course. If you're not familiar with all these concepts, it might be worth reading a little about Unix protections before continuing (but it's not strictly necessary).
The Unix protections allow one to specify who gets to read and write one's files, and mostly it's pretty black and white. Either one subgroup does or doesn't get a particular kind of access, and if system security is sound, this will be enforced. For the purposes of webbing, all those who are browsing your web fit into the category of "other", and so I will restrict my discussion to "other" protections from now on.
Although the protections are simple, there's a rather special effect that happens with X protection and directories. Because it doesn't make sense to "execute" (as in "run") a directory, as one might execute a file containing a computer program, the designers of Unix have employed the execute flag for a different purpose. It works as follows. If read access (r) is set for a directory, then the person browsing can read the list of files contained by the directory. Otherwise, the contents of the directory can't be determined. Similarly, if execute access (x) is set for a directory, then the person browsing can access files within the directory (so long as the files themselves aren't protected). Otherwise not.
The normal protection for an "open" directory that can be read by anyone is r-x. This protection enables the person browsing both to see what files are in the directory, and to access the files. Directories with r-- protection don't make much sense as, while you can see what files the directory contains, you can't read them! Directories with --x protection are much more interesting. Such directories do not allow you to obtain a list of the files they contain, but they do allow you to access a file if you know its name! This fact enables hidden files (and directories) to be created. The trick is to create a directory with --x protection and then place within it files (or directories) that have names so obscure that no one would ever guess them. Once this has been done, you can disclose the names of the files only to those whom you want to see the files.
The hidden file mechanism works for users of your machine who are browsing your files. It also works identically for those on the other side of the world who are browsing your web (which consists of files), as the webserver will not serve a file unless the "other" protections are satisfied for the target file.
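To see the --x behaviour described above on a scratch directory, here is an added shell example (not code from the original page). It uses mode 111 rather than the page's "go=x" so that the owner running it is also denied listing; the card file name is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original page): shows what --x on a directory does.
# Mode 111 is used instead of the page's "chmod go=x" so that the owner running
# this script is also denied listing; for real use follow the page's go=x.
set -u

# make_hidden DIR: create DIR holding one readable card, then make DIR traversable
# but not listable. The file name is a constructed sample.
make_hidden() {
    mkdir -p "$1"
    printf '<html><body>Happy birthday, Thomas!</body></html>\n' > "$1/thomas_342592.html"
    chmod 444 "$1/thomas_342592.html"   # r--r--r--: files stay readable
    chmod 111 "$1"                      # --x--x--x: no listing, but files reachable by name
}

# can_list DIR: prints "yes" if DIR's contents can be enumerated, else "no"
can_list() {
    if ls "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# can_read DIR NAME: prints "yes" if DIR/NAME can be read, else "no"
can_read() {
    if cat "$1/$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# unhide DIR: restore r-x so the directory can be listed (and removed) again
unhide() {
    chmod 755 "$1"
}

# Demonstration on a scratch directory. Run as a non-root owner this prints
# "list: no  read: yes  unknown: no"; root bypasses these permission checks.
scratch=$(mktemp -d)
make_hidden "$scratch/cards"
echo "list: $(can_list "$scratch/cards")  read: $(can_read "$scratch/cards" thomas_342592.html)  unknown: $(can_read "$scratch/cards" nothere.html)"
unhide "$scratch/cards"
rm -rf "$scratch"
```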
I'll discuss how to set the protections (even if you can't log in to your server) later. First, here are some examples.
Suppose that you wish to send a greeting "card" to each of your friends with each greeting "card" taking the form of a single web pages. So far so good. The only catch is that you don't want your friends to be able to read each other's cards. You also don't want the rest of the world to be able to read them either. In fact you want only the intended recipient of each card to be able to read their card.
To do this, set up a directory called (say) cards and set its "other" protection to --x. Then place each friend's web page in the directory with normal readable protections (which is r-- (or r-x) for non-directory files). At this point, the structure should look something like this ("other" protections shown):
cards (--x)
    thomas.html (r--)
    richard.html (r--)
    susan.html (r--)
This is the basic structure for hidden files. Under the above scheme, those browsing the web will be able to see the cards directory, but if they go "into" the directory, it will appear as if there are no files there at all. However, anyone who knows the name of a file in the directory can read it. So if someone somehow knew that there was a thomas.html in the directory, they could access it. If the URL for the cards directory was http://www.ross.net/cards/, then here's what would happen if someone typed in various URLs into their web browser:
http://www.ross.net/cards/thomas.html   - Displays page thomas.html
http://www.ross.net/cards/              - Error, no "index.html" and can't display dir contents.
So, once the protections were set up, you could simply email Thomas and tell him to look at http://www.ross.net/cards/thomas.html and Susan and tell her to look at http://www.ross.net/cards/susan.html and so on.
The only problem with the above scheme is that the names aren't obscure enough. If someone figured out that you were using first names to name the hidden files, they could guess them. In particular, your friends might guess them because they probably know the names of your other friends! So something needs to be added to make the names more obscure. One way to do this is simply to use random numbers (or letters) instead of the names. For example, you might use:
cards (--x)
    342592.html (r--)
    140237.html (r--)
    836768.html (r--)
Thus, you would email the URL http://www.ross.net/cards/342592.html to Thomas, and so on. The number of digits you choose will determine the security level. In the above, six digits are used, which means that an opponent would have a number_of_pages/1000000 chance of finding a page for each attempt. If security is important to you, you will probably need to use a LOT of digits, as computers may be able to make thousands of attempts very quickly.
The danger in using raw numbers is that you will muddle them up yourself and end up with people receiving URLs to the wrong cards! The solution to this is to use BOTH a name and a number. Thus, the final directory might look something like this:
cards (--x)
    thomas_342592.html (r--)
    richard_140237.html (r--)
    susan_836768.html (r--)
You would then email Thomas http://www.ross.net/cards/thomas_342592.html and so on, and if you mix up two numbers, the URLs simply won't work.
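As an added example (not the page's own code), the following shell script automates the name-plus-number scheme: it creates each friend's card file with random digits, keeps the friend-to-URL map in a file outside the hidden directory so the numbers don't get muddled, and then sets go=x on the directory. BASE_URL and the card contents are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): name-plus-number card files with a
# map of who received which URL, kept OUTSIDE the hidden directory.
set -u

BASE_URL=${BASE_URL:-http://www.example.invalid/cards}   # placeholder base URL

# random_digits N: N decimal digits read from /dev/urandom (leading zeros allowed)
random_digits() {
    LC_ALL=C tr -dc '0-9' < /dev/urandom | head -c "$1"
}

# assign_cards DIR DIGITS MAPFILE NAME...: creates DIR/<name>_<digits>.html for
# each NAME (placeholder page, mode r--r--r--), appends "name url" to MAPFILE,
# then makes DIR traversable but not listable, exactly as the page's chmod does.
assign_cards() {
    dir=$1; digits=$2; map=$3; shift 3
    mkdir -p "$dir"
    for name in "$@"; do
        # retry on the (vanishingly rare) chance that the number already exists
        while :; do
            f="$dir/${name}_$(random_digits "$digits").html"
            [ -e "$f" ] || break
        done
        printf '<html><body>A card for %s</body></html>\n' "$name" > "$f"
        chmod 444 "$f"
        printf '%s %s/%s\n' "$name" "$BASE_URL" "$(basename "$f")" >> "$map"
    done
    chmod go=x "$dir"   # contents invisible to group/other, files reachable by name
}

# card_url MAPFILE NAME: prints the URL that was recorded for NAME (empty if none)
card_url() {
    awk -v n="$2" '$1 == n { print $2 }' "$1"
}
```

With twelve digits a card name carries far more guessing resistance than the six-digit figure the page uses for illustration, at no cost to the recipient who simply follows the emailed URL.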
Suppose that you prepare a secret business proposal in the form of a web (in the directory "proposal") and you want someone on the other side of the world to see it, but nobody else. To do this, create the following structure:
hidden (--x)
    proposal_8235627 (r-x)
        index.html (r--)
        prices.html (r--)
        summary.html (r--)
Assuming that the directory hidden was at http://www.ross.net/hidden/, you would then just email the person (whom you want to read the proposal) the URL http://www.ross.net/hidden/proposal_8235627/
Under this structure, nobody can see what's in the directory called hidden. But if they know that the directory proposal_8235627 exists there, they are then free to access the contents of that subdirectory (including listing the files contained there).
You can use the protection mechanism to strictly control the flow of people through your pages. You can even use it to stitch together a sort of treasure hunt, test, or adventure. Consider the following structure which implements a simple maths treasure hunt:
maths (--x)
    index.html (r--)
    page38656_42.html (r--)
    page65437_bill.html (r--)
    prize4257638.html (r--)
You might give the URL http://www.ross.net/maths/ to a child. When they typed it in, they'd get the index page. It would say "multiply 6 by 7 and put the answer on the end of page38656_". They could do this, and if they got the answer wrong, they'd get an error. If they got the answer right, they'd get the next page! The next page would say "what's the first name of the current US president? Append it to page65437_", and they'd append it and go on to the final page, which would reveal a secret password that they could email you to prove that they had completed the test.
The details of the above are silly, but the mechanism should now be clear. The point is that this technique can enable you to control the flow of people through your pages even to the extent of requiring them to "answer" questions before proceeding to another part of your web. In this way, you can keep out all but specific subcultures. For example, if you happen to be a sheep (it's not just dogs that remain anonymous on the net), you could keep out all but other sheep by using the special sheep password BahRamEwe as part of each filename.
The remainder of this page describes how to set protections on a directory. It should be emphasised that you should never need to fool with the protections on non-directory files: they should always be set to r-- or r-x. In most cases, all you need to do to construct any of the above organizations is to simply set the protection on a single directory file.
If you can log in directly to the Unix system that is your web server, you can set the protection on a directory (called, say, sloth) by changing your working directory to the directory that contains sloth and issuing one of the following commands:
chmod go=x sloth     ---- Make contents invisible.
chmod go=rx sloth    ---- Make contents visible again.
If you can't log into your server, but you can FTP there, you can use the following FTP commands to set protections.
site chmod 0755 sloth    - To make a directory rwxr-xr-x
site chmod 0711 sloth    - To make a directory rwx--x--x
If you're using the Macintosh Fetch program, you can send these FTP commands by selecting the "Send FTP Command" menu item of the Remote menu. You can see whether it worked by selecting the "View File List" menu item of the Remote menu.
Internode Systems doesn't allow users to log into its webserver, so if you're using that server, you'll have to use the FTP commands to set protections.
The following octal protections table is included for reference only.
Octal   Meaning
-----   -------
4000    SUID
2000    SGID
1000    Sticky bit
0400    Owner: R
0200    Owner: W
0100    Owner: X
0040    Group: R
0020    Group: W
0010    Group: X
0004    Other: R
0002    Other: W
0001    Other: X