This command will place the user's address, as text, into your document. INSERT_DOMAIN may be a somewhat misleading name (it might better be called INSERT_ADDRESS), but is used to keep the naming consistent with the HIDE and SHOW commands where a sub-domain is normally specified as opposed to a complete address. Here is an example:
Your TCP/IP address is: <INSERT_DOMAIN>.
If you have turned on your Web server's option to look up the DNS name associated with the client address for each connection, the INSERT_DOMAIN command will insert the DNS name found by the Web server. Otherwise, it will insert the numeric IP address of the client.
Any HTML text that follows HIDE_DOMAIN will be hidden from those people in the domains listed until the next SHOW command. You can use the HIDE_DOMAIN command to hide links or other parts of your pages from people outside your intranet or domain.
Multiple domains may be specified. For example, to hide text from sub-domains 123.456 and 123.89, use:
<HIDE_DOMAIN 123.456 123.89>
A space is used between each domain, and you may specify any number of domains (limited only by the maximum document size).
When comparing the address(es) in the HIDE_DOMAIN command to the actual client address, NetCloak performs a "begins with" check. This means that the address of the user accessing the page must begin with the given domain parameter for text to be hidden (or shown in the SHOW_DOMAIN command).
You may specify as much or as little of the domain address as you like. For example:
<HIDE_DOMAIN 123.456.>
and
<HIDE_DOMAIN 123.>
would both hide text from the browser with the address of "123.456.78.9". The second command would also hide the text from a browser at the address "123.654.932.10", but the first would not. Specifying more of the address just makes the command more restrictive.
To use the HIDE_DOMAIN command with domain names instead of numeric IP addresses, you must turn on DNS lookups in your Web server (in WebSTAR, check the "Use DNS" setting) then use the "Contains" variant of the command. For example, the command
<HIDE_DOMAIN_C .maxum.com>
would hide text from anyone coming from the domain "maxum.com" (as long as you have your Web server set to resolve domain names).
When comparing the address(es) in the HIDE_DOMAIN_C command to the actual client address, NetCloak uses a "contains" check. This means that the specified domain parameter can appear anywhere in the client domain name.
This can lead to unexpected results. For example, if you wanted to hide text from all clients in the ".com" domain you might use:
<HIDE_DOMAIN .com>
This would work as you would expect, but would also hide the text following it from a client in the domain "home.common.edu" or "many.computers.se" which may be undesirable. When using HIDE_DOMAIN this way, you should be as specific as possible.
Any HTML text that follows will be visible to clients in the listed domains. (See HIDE_DOMAIN above for details.) SHOW_DOMAIN also supports a SHOW_DOMAIN_C variation analogous to HIDE_DOMAIN_C.
This command will place the username specified for basic authentication into your document at the specified point. The example below inserts the user's name:
Hello <INSERT_USERNAME>!
The username inserted is whatever the user entered into an authentication dialog box displayed by their Web browser. Normally the user will not have entered a username or password unless they have loaded a page with a NetCloak REQUEST_PASSWORD command or protected by a realm or other security on your Web server. Until the user enters a username and password, the username will be blank.
This command hides the HTML text that follows it from clients who have entered one of the specified usernames. As with other NetCloak commands, you may specify multiple usernames. For example, to hide text from everyone who has entered the username "John" or "Bob", use:
<HIDE_USERNAME JOHN BOB>
To see if the user has entered a name, you can use the HIDE_USERNAME command without specifying a username to check. The command HIDE_USERNAME, used without specifying a username, will hide text from anyone who has entered any username. The example below will display the username, or a message if the user has not entered one yet.
<HIDE><SHOW_USERNAME> Hello <INSERT_USERNAME>!
<SHOW><HIDE_USERNAME> You haven't entered a user name yet.
<SHOW>
NetCloak performs an exact comparison between the username and the specified parameters and ignores capitalization, so the command:
<HIDE_USERNAME bo>
will match a username of "bo" or "Bo" but not "Bort" or "Rambo".
HTML text that follows this command will be visible to clients who have entered any of the specified usernames.
This command will place the user's password, as text, into your document at the specified point. For example:
You entered the password <INSERT_PASSWORD>
This command should be used with caution, as it displays sensitive information on a page. Note that the actual password, not a series of bullets, asterisks, or blanks, will be displayed in plain text on the user's browser.
This command hides the HTML text from users with the specified password. As with the other NetCloak commands, you may specify a full or partial password, and you may specify any number of passwords in the command. For example, to hide text from all people with the password "MOOF":
<HIDE_PASSWORD MOOF>
You can use the HIDE_PASSWORD command without specifying a password to see if the user has entered a password. The command HIDE_PASSWORD, used by itself, will hide text from anyone who has entered any password. The following example will display the user's password if they have entered one, or a message if they haven't.
<HIDE><SHOW_PASSWORD> Password confirmed as: <INSERT_PASSWORD>.
<SHOW><HIDE_PASSWORD> You have not entered a password yet.
<SHOW>
NetCloak performs an exact comparison between the password and the specified parameters and ignores capitalization, so the command:
<HIDE_PASSWORD mo>
will match a password of "mo" or "Mo" but not "Mother" or "ammo".
HTML text that follows this command will be visible to users with the specified password. Other than showing instead of hiding text following, SHOW_PASSWORD is identical to the HIDE_PASSWORD command; see that section.
This command allows you to request a password from the user for a page. If a valid username and password are not entered, NetCloak will return the No Access page instead of the requested page.
The "Realm" parameter used in this command is sent to the browser as text and will be displayed in the username/password dialog box presented to the user. It does not need to match a defined realm on your server. It is used only as a piece of text that is shown to the user so that they know what password they are being asked to enter.
In addition, you can specify a series of users which have access to the page and should not be prompted for a password. In other words, you can specify the usernames and passwords you are looking for right inside the REQUEST_PASSWORD command. To specify a "user", enter the username and password within a pair of double-quotes, and separated by a comma. For example, the user "John" with a password of "Moof" would be defined as "John,Moof".
To allow "John" and a couple of other people access to a page, you might use a command like:
<REQUEST_PASSWORD "Name" "John,Moof" "Bob,Whopper" "Dawn,fbr192">
The REQUEST_PASSWORD command requires an exact match between the specified parameters and the username and password but ignores capitalization. The command:
<REQUEST_PASSWORD "my server" "lo,go">
would allow a username of "Lo" or "LO" but not "Lonnie" or "Carlos", and would allow a password of "Go" or "GO" but not "gone" or "fargo".
Note that the password request can be conditional when used in conjunction with HIDE and SHOW commands. Whenever text is hidden, the REQUEST_PASSWORD command will also be hidden and therefore not activated. In the example above, we could allow everyone access to the page on the weekend, but only allow John, Bob, and Dawn access during the week:
<HIDE_DAY SAT SUN> <REQUEST_PASSWORD "Name" "John,Moof" "Bob,Whopper" "Dawn,fbr192"> <SHOW>
On Saturday and Sunday, the REQUEST_PASSWORD command will be hidden, allowing everyone access to the page. During the week, a username and password will be required to gain access to the page.
Note that NetCloak's REQUEST_PASSWORD command is completely independent from your Web server's built-in security or any security add-ons. In many cases, NetCloak is a simpler and more reliable way to secure a single page than realm-based or other security built into the Web server. With the SHOW_USERNAME and SHOW_PASSWORD commands, NetCloak also allows you to apply password security to portions of an HTML page.
Copyright © 1996-7 Maxum Development Corporation
820 South Bartlett Road - Suite 104
Streamwood, IL 60107
http://www.maxum.com/