I host my website on 000Webhost.
I have to fill all my scripts for my website in the folder "public_html" (Example: /public_html/index.html).
I would like to have a "private" folder on the same level (Example: /private_html/variables.php) like public_html, but where only I can access and place things in it.
Is there any possibility for it or some other host which will support this function?
Private "stuff" is not meant to be on a web server. Create a small app server where you can a have a database and keep its IP private or get some security from the hosting service (better) and connect to it maybe from SSH (PuTTY) and then exchange files over it.
Anyway, a very basic workaround way to implement what you need is something like a PHP script that asks for admin credentials when a page under that folder with a URL(even if someone gets access to it when you would try to keep it private in the first place) is hit. From there, after you get authenticated, you can load the rest of the page using the same script which will basically present you a management tool or UI for yourself...Say if you'd want to upload some files or delete them.
Related
I will host a static site (just a few pages actually) on Netlify, a cloud hosting provider. It would be my notes and may have sensitive code and API keys. I want it set up so that only I can access this site from internet and no one else. How can I block access to the static site for others?
Alternately, if I do the same with with Github Pages, is it possible to restrict access there?
You need an access control mechanism to protect your notes.
If you are running the web server doing the hosting, most web server programs (Apache and nginx are the two most popular) have built-in access control mechanisms, see link given by Carsten H or see Access Control with Apache or How to Set Up Password Authentication with Nginx (Digital Ocean guide).
If you are using Github Pages, it is possible to do access control, but a bit more tricky. You can create a Github OAuth application and ask people to authenticate using your Github OAuth app. The app will ask for their username, and check if that username matches a list of allowed Github users (probably just your Github username). If the usernames match, static content is served up, otherwise the user is redirected to a 403 forbidden page.
Also see the github-heroku-attack-rabbits project page for details of how to create the Flask app mentioned above (using flask-dance to authenticate users via your Github OAuth app). The Flask app can be hosted for free on Heroku.
Two more things to note regarding public/private repos:
If you are using Github Pages, the repository containing your notes will need to be private, otherwise the contents of your notes will be in a public repository (even if the Github Pages static page has an access control layer).
Just because a repo is private does NOT mean its Github Pages page is private. By default, a private repo's Github Pages page is accessible/readable by the public. It is up to you to put an access control mechanism in place to protect the page.
You can try the encryption route. Here, the name staticrypt really says everything (I have a demo here). It allows you to create a password for each page for your website. It used AES-256 encryption, so as far as I am concerned, a long password should suffice.
If you don't share the password, you will be the only one to view the webpage.
These are actually two questions and is good practice to ask them individually.
This is a frequently asked question and depends on your server, e.g. for Apache you can edit your .htaccess following this instructions
you need to create a private repository by checking the private repository option during the repository creation
I recently had a developer populate a WPLMS site for me hosted on my HostGator account.
www.midwifecafe.co.za
I did explain at the time that I wanted the site developed my main url
www.midwifecafe.com
I would then simply setup a re-direct from the .co.za to the .com domain.
The site was developed on the .co.za url and the developer now tells me he cant manage to have the site hosted on the main .com url
He now left high and dry, he's been paid and wont help anymore.
I am unsure what to do? Is this a problem or something I can resolve?
Would appreciate any advice.
First of all, that developer is a jerk. This should take him 10 minutes max to do, assuming he knows how (he probably doesn't). Sorry for your bad experience.
The ultimate answer depends on a few things, like how your site is setup, etc. However generally, one of my favorite tricks for this is a little script called Search Replace DB --https://github.com/interconnectit/Search-Replace-DB.
Here's what you do:
BACKUP EVERYTHING. Yes, EVERYTHING
Move your site files to the new host, where the .com version will live.
Move your database to the new host
Edit your wordpress site's wp-config.php file to use the new host database information for dbname, user, password, and server (probably localhost on Hostgator).
Upload the search replace db folder to the root of wordpress, then access the folder in your web browser. Follow the prompts to fill in what you want to search for (www.midwifecafe.co.za) and what you want to replace it with (www.midwifecafe.com). If you're not familiar with Github, you can download the search replace script here: https://github.com/interconnectit/Search-Replace-DB/archive/master.zip, which you'd then upload to your server in it's own folder and unzip it
If you run into issues, first you have a backup (see step 1), secondly you can run through their github page for tips and help.
Once the search and replace for the domain name runs successfully, you'll want to do two things.. DELETE THE Search Replace FOLDER. This is super important. Leaving it there is a big-time security risk. And lastly, you'll probably need to login to WordPress admin and visit the Settings > Permalinks page to generate the proper URLs on your new host.
Hopefully that's some help! Good luck!
I would then simply setup a re-direct from the .co.za to the .com
domain....
Doesn't work that way with WordPress. But it is straightforward to move a WordPress site from one domain to another; it involves changing the URLs in the database. That's the most critical part.
But a move may also involve moving files at your host (this depends on your hosting setup) from one folder to another; you didn't say if you are staying on the same host or moving to another host at the same time as the domain change
Read the official docs Moving WordPress « WordPress Codex and take a look at WordPress Serialized PHP Search Replace Tool, which it sounds like you will need.
I think from your question which was not completely clear, that you want to me your wordpress website from one domain to another.
If so you can do the below manually:
Download all the files from your old domain
Upload the downloaded files onto your new domain
Export database from old domain account.
Go to new hosting account, create a new database with username and
password.
Open up PHPMyAdmin and Import the database that you exported into
the newly created database.
Open up phpmyadmin an and go to the wp_options table. Replace the
site url and home url rows with your .com domain address.
Then open up SQL option in phpmyadmin and run the following:
UPDATE wp_posts SET guid=REPLACE(guid,'www.midwifecafe.co.za','www.midwifecafe.com'); UPDATE wp_posts SET post_content=REPLACE(post_content,'www.midwifecafe.co.za','www.midwifecafe.com');
Now open up your wp-config.php file in ftp and edit it to suit the
new database name, username and password. For additional measures
you can also add the below to wp-config.php:
define('WP_HOME','http://www.midwifecafe.com');
define('WP_SITEURL','http://www.midwifecafe.com');
Check your .htaccess file and make sure there is no mention of your
old domain.
Now run your website and see if that fixed your issues.
Is there a way to get sandboxed, user-selected directory access on any major file service without first getting read level access to their entire filesystem?
There's a lot of talk about "unhosted" static webapps that allow users to access their data from a 3rd party file service (Google Drive, Dropbox, their own server, etc.). The most notable effort I've found so far is remoteStorage.io, but there doesn't seem to be a way with any major provider to let the user select a directory and then use that as a sandbox without breaking their trust (i.e. getting read access to all their files first).
From the user's perspective, the webapp shouldn't have access to anything else on the remote file storage except the one folder the user grants it access to (for example, I might grant a text editor access to my FunnyJokes folder).
The current work around seems to be having the webapp force a specific folder name ahead of time ("this app wants access to /appname_notes"), but that rules out letting the user point it to where they may already have their notes.
Does anyone know of a nice way to do this with Google Drive, Dropbox, or the like?
The user experience that makes the most sense to me is something like...
User opens an unhosted webapp (for example, a basic text editor TextyApp). They click a button to connect with their data.
3rd party auth page appears (for example, Google Drive) and it says "The app TextyApp has requested read/write access to your files. Please select a directory to use."
Confirmation screen: "Grant read/write access to folder FunnyJokes for TextyApp?"
The page redirects back to the webapp with sandboxed accessed to the user-specified folder and the files within it.
This seems like how remote file storage should work, but I haven't found a way to do it yet. Any thoughts/suggestions would be great!
Cheers,
Adam
Edit: To clarify, I'm not talking about storing hidden "application data", but instead letting the user specify a particular directory to sandbox for use with a webapp that they may not want to give broader access to.
The Dropbox Apps API provides the ability to restrict any app using your API key to a single directory of your Dropbox account. So users could create an API key with access to a specific directory and then plug that into your app. However, that's not a user-friendly workflow.
I think the Dropbox Drop-Ins Chooser/Saver API might be close to what you want. The user is presented with a Dropbox file selection popup, and your app only gets access to the specific file(s) that the user selects.
With remoteStorage, sandboxed directory access is currently the default way for apps to request (and users to grant) access to the storage. However, users cannot manually select or enter custom directories during the connect phase.
I'm trying to integrate Dropbox into my web application in the following way:
Users can enter a Dropbox Share Link, i.e. a Dropbox folder that can be accessed by anyone, even without a dropbox account.
My application then grabs the images from the folder and displays them to all users of my application.
Now as far as I can tell, the Dropbox API doesn't allow this without sending the user through a full-blown OAuth process. But since the shared link is public anyway, I don't need (and don't want) access to the users Dropbox account.
Is there a way to access a shared link in a programmatic way (without parsing the DOM or similar hacks)? Maybe there is a query parameter on the shared link to retrieve the contents as JSON? If it exists, I didn't find any docs about it.
Surely I'm not the first one to try this, so please share your solutions!
No, there's no programmatic way to list folder contents from a share link. If you have a share link for a specific file, then you can convert the domain from www.dropbox.com to dl.dropboxusercontent.com, but this trick doesn't work on folders.
I have a java swing based UI which I use to monitor a filesystem folder. Anytime a new file is added to the folder, i upload it onto my web server.
I'd like to drop the java interface and go for a web app with a simple file uploader UI where the user can see the files being upoaded and which were uploaded.
The workflow;
User open browser. Opens the web app page. Browses and selects the local filesystem folder which needs to be monitored. Over the hours as the new files are added to the local folder, they are shown in the web interface and get uploaded onto the server.
My question is what all technologies can i use to implement this. I already have the HTMl based web Ui ready. I now need to monitor(/sync?) a selected local folder. what all do i need to do that. I remember there was something created by google which allowed a background process to monitor folders.
regards
To my knowledge I do not think its possible from the browser because of security concerns. You'll need to rely on client software. You could provide your Java app as a software, similar to Dropbox.