I have a documentation managed on readthedocs.org. Is there a way to password protect or at least make our documentation available only for some of our customers?
Unfortunately, docs hosted on Read The Docs cannot be password-protected.
The best you can do (as of now) is to set your documentation to "Private" which will show users a 404 when they navigate to your docs from the www.readthedocs.org website. However, this is extremely weak security as anyone with the actual url can still view your documentation.
From their documentation:
With a URL to view the actual documentation, even private docs are viewable. This is because our architecture doesn’t do any logic on documentation display, to increase availability.
However, you could just host the Sphinx generated documentation yourself, and that you could password protect. I would say that is definitely your best bet!
Read the Docs is really just a convenience hosting service, you can still host your documentation elsewhere, and then easily password protect it just like you would password protect anything else.
Update
Btw, the easiest way to do that is to just generate generate static .html files - using make html from the root folder. Put those HTML files up on an internally hosted web server and you're good :)
Related
I currently have documentation built by readthedocs.org on docs.mycompany.com and my regular company website on mycompany.com. For SEO purposes I would prefer to have the documentation on mycompany.com/docs, so my documentation content contributes to the company website ranking.
From the documentation on custom domains I can only find subdomain examples. Am I correct in thinking the above is not possible with readthedocs.org and would require me to start self-hosting the documentation?
Read the Docs cannot control your root domain (mycompany.com) if you have something else hosted there. You could put a reverse proxy listening at /docs on your mycompany.com domain pointing to your <project-slug>.readthedocs.io URL.
I will host a static site (just a few pages actually) on Netlify, a cloud hosting provider. It would be my notes and may have sensitive code and API keys. I want it set up so that only I can access this site from internet and no one else. How can I block access to the static site for others?
Alternately, if I do the same with with Github Pages, is it possible to restrict access there?
You need an access control mechanism to protect your notes.
If you are running the web server doing the hosting, most web server programs (Apache and nginx are the two most popular) have built-in access control mechanisms, see link given by Carsten H or see Access Control with Apache or How to Set Up Password Authentication with Nginx (Digital Ocean guide).
If you are using Github Pages, it is possible to do access control, but a bit more tricky. You can create a Github OAuth application and ask people to authenticate using your Github OAuth app. The app will ask for their username, and check if that username matches a list of allowed Github users (probably just your Github username). If the usernames match, static content is served up, otherwise the user is redirected to a 403 forbidden page.
Also see the github-heroku-attack-rabbits project page for details of how to create the Flask app mentioned above (using flask-dance to authenticate users via your Github OAuth app). The Flask app can be hosted for free on Heroku.
Two more things to note regarding public/private repos:
If you are using Github Pages, the repository containing your notes will need to be private, otherwise the contents of your notes will be in a public repository (even if the Github Pages static page has an access control layer).
Just because a repo is private does NOT mean its Github Pages page is private. By default, a private repo's Github Pages page is accessible/readable by the public. It is up to you to put an access control mechanism in place to protect the page.
You can try the encryption route. Here, the name staticrypt really says everything (I have a demo here). It allows you to create a password for each page for your website. It used AES-256 encryption, so as far as I am concerned, a long password should suffice.
If you don't share the password, you will be the only one to view the webpage.
These are actually two questions and is good practice to ask them individually.
This is a frequently asked question and depends on your server, e.g. for Apache you can edit your .htaccess following this instructions
you need to create a private repository by checking the private repository option during the repository creation
I use rmarkdown to create html pages. I would like to know how to publish, simply and efficiently, html pages.
Solutions that I know exist:
Web hosting: you can purchase a specific domain and host you your files. I have built some wordpress sites with this, but I don't know basics about web security, it is necessary to have a ftp transfer software.
With google drive, you can host html pages. It is quite simple, you can find the id the the shared document, and enter: googledrive.com/host/DocumentID. But you can not customise the domain name, and this url is redirected to a very complicated name.
It seems that github offers a lot of possilities. I think that some of you have already had the same problem and found the solution. So could you please share ? Thank you
you can host your html easily just check out this or this
I am making a chrome extension which needs to add/delete/modify file in any location in our hard drive. The location can be temporary folder. How is it possible to make it. Please give comments and helpful links which can lead to me have this work done.
You can not, but adding a local server (nodejs/deno/cs-script/go/python/lua/..) to have a fixed logic (security) to do file stuff and providing a http server to answer back in an ajax/jsonp request would work.
The extension will not be able to install the software part.
edit: if you want to get started using nodejs, this could help
edit2: With File and Directory Entries API (this could help) you can get hold of a FILE OR complete FOLDER (getDirectory(), showDirectoryPicker()).
Thankfully, this is impossible.
Google or any other company wouldn't have many friend if their extension(s') installation caused compromise including complete control over any files(ie. control over machine) on your hard drive. The extension can save information to disk in a location that is available for storing local information as mentioned. You will not have any execute permission on the root or anywhere nor will you have any read or write permission outside of the storage location.
However, extensions can still be malicious if they gather information from a user of a web page (I am sure that Google can filter some suspicious extensions).
If you really need to make changes on your hard drive you can store information on a server and poll for changes with a windows client application or perhaps you can find where the storage information is kept and access it from there from a windows app.
i'm trying to make a chrome extension and I need the have an options page where the user is able to login. this way the extension knows who he is and can retrieve specific data from a server.
I'm not sure how to do this. Any one has a tutorial page or, better yet, a sample code?
thank you all!
A number of extensions use OAuth or OpenID for authentication. There is a tutorial for OAuth on code.google.com. You could also just use a username/password and make a XHR request to validate them. It really depends on the site and what authentication methods it offers.
You need an authentication engine... In other words you need to have a backend for your chrome extension which handles logging in and logging out. This is extremely easy to do. You can use a backend as a service if it's a small project (look at Parse or Firebase) or write your own backend using a framework like Ruby on Rails.
http://rubyonrails.org/; https://www.parse.com/; https://www.firebase.com/
Options pages are well documented on the official docs, including sample code.