sulfericacid has asked for the wisdom of the Perl Monks concerning the following question:

Here's a weird question, the answer's probably "no" but I have some weird twisted hopes that this would be possible.

Is it possible to change the address line in Perl to something fake? Instead of trying to learn cookies I'm trying to see if I can get a login script to go to let's say www.mypage.com/members/characters/blah and in the URL have it show something like www.mypage.com/unknown. If this can be done I won't have to password protect the actual directory because no one will ever know about it.

Can anything like this be done?

"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid

Re: (nrd) Changing the address line/location bar
by newrisedesigns (Curate) on Feb 28, 2003 at 18:21 UTC

    Obscurity does not equal security.

    Use Apache's basic authentication, or a CGI script.

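    # Pseudo code
    use strict;
    use warnings;
    use CGI;

    my $q = CGI->new();

    if (($q->param("password") || '') eq "my password") {
        my $base_dir       = '../secure_docs/';
        my $requested_file = $q->param("file") || '';

        # Keep only word characters, so slashes and dots never reach the path
        if ($requested_file =~ /(\w+)/) {
            $requested_file = $1 . '.html';
        }
        else {
            exit;
        }

        my $file = $base_dir . $requested_file;

        if (-e $file) {
            open(my $fh, '<', $file) or exit;
            print $q->header();    # HTTP header must precede the page body
            print while <$fh>;
            close $fh;
        }
    }
    else {
        exit;
    }
    # of course, there are other/better ways...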

    Hope this helps.

    John J Reiser
    newrisedesigns.com
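
The Apache basic authentication option named in the reply above, sketched for the members directory from the question. This is an added example, not part of the original post; the filesystem paths, the realm name and the user name are assumptions, and it assumes Apache 2.4 with mod_ssl loaded.

```apache
# Added example; paths, realm and user name are assumptions, not from the thread.
# Create the password file outside the web root first (bcrypt hashes):
#   htpasswd -c -B /etc/apache2/members.htpasswd someuser

<Directory "/var/www/mypage/members">
    # Refuse plain-HTTP requests: Basic auth sends the password
    # base64-encoded, not encrypted, so it needs TLS underneath.
    SSLRequireSSL

    AuthType Basic
    AuthName "Members area"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/members.htpasswd"

    # Every request under this directory needs a valid login,
    # whether or not the visitor knows or guesses the path.
    Require valid-user

    # Do not hand out a listing of the directory contents.
    Options -Indexes
</Directory>
```

With this in place the directory name no longer has to stay secret: a request for anything under it without credentials gets a 401 response.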

Re: Changing the address line/location bar
by tall_man (Parson) on Feb 28, 2003 at 17:48 UTC
    This question is rather strangely put, but I suppose what you are asking about is whether a cgi script can deliver the contents of another page without telling the browser the location. The answer is obviously yes. The browser will show the cgi command it used to get the answer, not the address of the page the cgi script used.

    The other thing I should mention is that "security through obscurity" is not a good idea. You should assume that "secret" directory names will be leaked or guessed eventually.

      I concur with this approach, as that's exactly what I suggested in the CB.

      I however didn't realize that this is an attempt to not have to secure a directory. *BAD BAD BAD* If you have sensitive data, secure it. Simply not showing someone that the door is wide open and all your goodies are inside is no excuse not to put a lock on the door, and close said door. There are all manner of articles online and elsewhere that talk about this. Companies have even tried to press legal charges against people who managed to walk in the open door, and results have varied.

      If you want secure data, encrypt/password protect it.

      /* And the Creator, against his better judgement, wrote man.c */
Re: Changing the address line/location bar
by jasonk (Parson) on Feb 28, 2003 at 17:46 UTC

    No, this cannot be done. Using frames, it is possible to have an outer frame that displays an inner frame, so the content is the inner frame, but the address is that of the outer frame. However, this method is (a) annoying, and (b) NOT a security technique. There is nothing you can do to hide the URL that cannot be trivially bypassed. You should rethink your security scheme to something that doesn't depend on hiding the URL.

Re: Changing the address line/location bar
by silent11 (Vicar) on Feb 28, 2003 at 18:23 UTC
    answer: javascript
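    function changeLocation() {
        // location.replace() needs the scheme; without it the string is treated as a relative path
        location.replace("http://www.mypage.com/unknown");
    }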
    This will not protect you as it is a javascript (client-side) solution... and we never trust the client!

    -Silent11