Comments (6)
Alright sir, thank you! Even though my problem wasn't resolved your recommendation did help. I will keep this in use!
from staticrypt.
What purpose do you want the multiple users to have and what would they be able to do?
If you want to connect to a database and interact with dynamic content StatiCrypt probably isn't a great fit. Either you embed the whole DB in the protected file, but then it's accessible by anyone with the password no user restriction (and you might as well embed a big JSON), or you have an external DB and then you want to authenticate the calls to the DB and staticrypt doesn't provide anything specifically for that.
You could password-protect general access to an SPA since it's a single HTML file but that's about it, and your calls to the DB would still need to be protected somehow. So a more traditional architecture might make more sense.
from staticrypt.
No purpose really, just basic authentication. I have a password that has been leaked one too many times and I am looking for a system that uses username and password authentication. So if a account gets leaked it can be suspended. (or just removed entirely from wherever its stored). This would be useful so I would know where the source of the problem comes from and I get to keep everything centralized.
from staticrypt.
Ok, I understand it better then. It looks similar to #158, allowing for multiple passwords so they can be invalidated separately. It would be a nice addition but I haven't looked into it yet and do not know if it's doable easily using webcrypto. So it's on the backlog but I don't expect it to come very soon.
The current workaround would be creating multiple encrypted files, each with a different password, and giving a different link to each of your users. That would look like encrypted_john/index.html
, encrypted_mary/index.html
, etc.
If you have only one file and it's inconvenient to create a new folder each time, I've been thinking about adding an option to pass an output filename instead of an output directory (that way you can have john.html
, mary.html
, instead of a folder for each). I don't know if that's a real need though, so let me know if that would help.
from staticrypt.
Yes, I have seen #158 and have thought about passing different output files, but wouldn't fix my issue where I would need to suspend members.
If I just deleted their encrypted_name folder, they could go to their colleague or if Mary here is John's friend, he can just ask to share the password because he forgot his and I am currently unavailable, even though I suspended him from the application that is currently guarded.
I would absolutely love if you added this Username/Password feature, but if you can not, could you recommend me some Authentication similar to my post that I can use for static websites? Thank you very much for your time helping me!
from staticrypt.
The thing is the problem with password sharing is going to be here independently of the solution you have, adding a username
input on top of the password will not change that. Mary could just tell John to use her username as well as her password.
That's why I was asking what would having multiple users change for you: if it's only to have multiple passwords you can revoke independently (and not having the content of the page change dynamically, like saying "Hello John" and loading their specific data) then you're concerned with authorization only, and not authentication. So the combo username+password
just acts as a password and you don't actually need the username
, just a unique password you can revoke.
I had an idea which would make #158 pretty easy to implement, then you could then have one file which can be unlocked with different password. I don't know yet when I'll implement it.
In the meantime the recommendation if you want to use StatiCrypt is to encrypt your files with different passwords and different output folders (staticrypt test.html -p <john-password> -d john
), and then you can send each user their URL https://example.com/john/test.html
and their password. In a way the username input becomes the folder in the URL, and you can change the password by re-running the command. (I added this to the README).
I that doesn't fit your use case you can use a more traditional method - you can restrict access to pages by configuring apache or nginx, or having your content dynamically loaded or forbidden by using whatever server language you want.
from staticrypt.
Related Issues (20)
- Remove as much of the code from password_template to allow non-breaking updates
- Make webcrypto engine the only available
- Add confirmation prompt when using a weak password
- Cannot destructure property 'subtle' of 'crypto' as it is undefined. HOT 11
- Missing Package in Latest Release 3.1.0 HOT 2
- Error: Cannot find module 'node:crypto' HOT 3
- Nothing is happening when clicking "decrypt" on encrypted pages HOT 2
- The `--remember false` option does not work HOT 1
- Page not protected until reload HOT 7
- Question - Is it possible to still use CryptoJS? HOT 4
- setup doesn't work reliably & no CSS HOT 5
- Did not generate encrypted content with "--share" HOT 1
- Auto remember me from shareable link HOT 6
- Please update the home page interface to be compatible with mobile browsers HOT 2
- Encrypt directories recursively but only HTML files HOT 2
- Encrypt page but with no password prompt box HOT 2
- Where have i gone wrong? HOT 2
- Browser Back Navigation Does Not Work HOT 6
- crypto.subtle missing on Safari iOS 17.3.1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from staticrypt.