The Password Is Password (follow the link to see what I mean)
I think this is a first in the world of static site generators :-)
Now Nikola supports password-protected pages. How does it work?
If you add a password metadata field, then it will "Just Work". Like this:
And the result is what you are seeing now.
How is it implemented? Nikola will encrypt the content using RC4, wrap it in a <div>, and tack a form at the end that triggers JavaScript code to decrypt it and show it.
Is it secure? Well, I am not a cryptographer, so assume no. Specifically, while RC4 is considered secure, I am not discarding the beginning of the keystream, and the implementations I am using are not audited.
So, don't use this for anything that could get you in trouble. Have fun!
UPDATE: Remember when I asked "Is it secure?" Well, really, no, it's not. It's not stupid in the sense that decoding what's written in the post will require at least a modicum of effort by whoever is so interested in reading what you are posting on your site, but people with crypto chops will crack it like a WEP-secured AP, mmmmkay? It's also stupidly easy to bruteforce this, so be smart about passwords.
OTOH, it's more secure than HTTP simple auth, since you can't sniff it (not that simple auth is secure) and it can hide a piece of the page, which using server-based auth can't.
I may do a more secure version eventually, but this is not it. Therefore, use for fun stuff, not to hide important/illegal stuff.
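As an added example (not Nikola's own code): a textbook RC4 that can discard the beginning of the keystream, plus a constructed marker prefix that lets the page recognise a wrong password, since RC4 on its own returns bytes for any password without error. The names `rc4`, `seal`, `unseal`, `MARKER` and `DROP` and their values are assumptions made for illustration.

```javascript
// Added example, not Nikola's code. Names and constants are illustrative assumptions.
const enc = new TextEncoder();
const dec = new TextDecoder();
const MARKER = enc.encode("NIKOLA-OK"); // constructed known prefix
const DROP = 768;                       // keystream bytes to discard (RC4-drop[n])

// Textbook RC4: XOR `data` with the keystream, skipping its first `drop` bytes.
function rc4(key, data, drop = 0) {
  if (key.length === 0) throw new Error("empty key");
  const S = Uint8Array.from({ length: 256 }, (_, i) => i);
  for (let i = 0, j = 0; i < 256; i++) {           // key scheduling
    j = (j + S[i] + key[i % key.length]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  let i = 0, j = 0;
  const next = () => {                              // one keystream byte
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
    return S[(S[i] + S[j]) & 0xff];
  };
  for (let n = 0; n < drop; n++) next();            // discard the biased start
  return Uint8Array.from(data, (b) => b ^ next());
}

// Encrypt marker + content so that a later decryption can be checked.
function seal(password, html) {
  const body = enc.encode(html);
  const plain = new Uint8Array(MARKER.length + body.length);
  plain.set(MARKER);
  plain.set(body, MARKER.length);
  return rc4(enc.encode(password), plain, DROP);
}

// Returns the content, or null when the marker does not come back intact.
// This only detects a wrong password: the ciphertext is still malleable and
// the check does nothing to slow down password guessing.
function unseal(password, blob) {
  const plain = rc4(enc.encode(password), blob, DROP);
  const ok = MARKER.every((b, k) => plain[k] === b);
  return ok ? dec.decode(plain.subarray(MARKER.length)) : null;
}

const hex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
```

With a check like `unseal`, the form can stay on screen and report a wrong password instead of rendering whatever bytes come out.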
It would be great to have <input type="password"> and a button to get to the contents.
Good idea about it being of type password :-)
I had a button but it looked like garbage, so I removed it.
Like garbage? What do you mean? Bootstrap has very nice and pretty buttons. Do you mean the button being lower than the inputbox? It’s fixable, see the docs.
PS. I would love to see an ability to retry without refreshing. Double post brought to you by DISQUS going apeshit.
Yes, the misalignment. I'll try reading the docs (boring! ;-)
It's just a matter of not hiding the form's div, but then it will be visible even if you decrypt successfully.
…or just throw a “Retry” button somewhere. Solution for the alignment problem is here: http://twitter.github.com/b... ← either “Buttons instead of text” or “Inline form”.
How about now?
Pretty. Now, if you added a “wrong password” alert, it would be even better.
Your wish is my command. Done!
Oh. I meant a Bootstrap alert. Doesn’t matter, but I learned that JS alerts are broken in the last of Chrome dev for Windows.
1. <input type="password">, please.
2. A button would be nice.
3. Same goes for an ability to retry without refreshing.
Changed it to type password right now :-)
Yes, a button would be nice, I just suck at HTML and it looked bad.
About that... it's tricky because rc4 decryption always succeeds, so to do that I would have to leave the form visible even if it succeeds, so it's a tradeoff.
What do you think of how it looks now?