The Erasmus Project

Resources for developers of Bible software

The Erasmus Project Prayer Journal (EPPJ) Initiative

Implementing Password Security

If you are involved with the technical implementation details of your web server, this page describes the steps you need to carry out to enable password protection of EPPJ prayer lists on your server. Password protection must be enforced by the web server in order to maintain security. For instance, simply including a password inside the eppj.txt file would reveal that password to anyone who directly opened that file. Before you continue, however, you should note that if this is done incorrectly, you can inadvertently reveal your list to those who should not be able to see it. If you are non-technical or do not understand the steps herein, you should hire someone with the appropriate skills to implement this.

1. The first step in password-protecting a prayer file is to redirect any accesses to it from the eppj.txt file to a script on your server. The following example shows how to implement redirection using the Apache web server software. For other web server software, there will be similar features but you will need to check the documentation for your software. The following should be added to the .htaccess file in the root directory of your server (if .htaccess doesn't exist, create it with the following).


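# <VirtualHost> containers are accepted only in the main server configuration.
# In a .htaccess file, use the Redirect line by itself.
<VirtualHost *:80>
	ServerName www.mydomain.org
	Redirect /eppj.txt http://www.mydomain.org/eppj.php
</VirtualHost>
<VirtualHost *:443>
	ServerName www.mydomain.org
	Redirect /eppj.txt https://www.mydomain.org/eppj.php
</VirtualHost>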

Note that there are two entries: one for http access and one for https access. If you only support https, the first block can be eliminated. You should replace "www.mydomain.org" with your domain. Also, we are redirecting to a PHP script. Obviously, if you are using some other scripting language, the name of the script will need to be changed appropriately. Finally, if your eppj.txt file is located somewhere other than the root folder, you will have to adjust the location of the file. For example:

Redirect /prayers/eppj.txt https://www.mydomain.org/eppj.php

2. The eppj.txt file must be placed in a folder that is outside of the directory structure managed by your web server software. For instance, if your web site root document folder is /usr/web/mydomain.org, then the eppj.txt file cannot be located in any folder whose path begins with that. Rather, it must be placed in /usr/web, or some such location that the web server will never serve up in response to a request.

3. Write a script that handles password authentication. If the request is authenticated, the script should serve up the eppj.txt file; otherwise, it should respond with an indication that a password is required. Click here to view a sample PHP script.

As per the specification, the password is passed in the URL as "?pwd=X" where "X" is the password. There are three valid responses: 1) If there is no password or the password is incorrect, return "secure". 2) If some error occurs during the script, return nothing. 3) Otherwise return the text of your eppj.txt file.

4. Once you've implemented and tested it, you can give out the URL of your prayer list to your authorized intercessors. Give out the URL that is redirected, not the URL of the redirection script; otherwise a compliant EPPJ prayer client app will not be able to access the list. That is, it should be the root folder indicated for the eppj.txt file that is to be redirected. You also need to give the authorized people the password used to access the file.
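
One way to write the script from step 3, producing the three responses listed above. This is an added example, not the project's sample script. The file path, the constant names and the function name eppj_response are assumptions made for this example, and it checks the password against a stored hash, which the specification does not require.

```php
<?php
// Added example, not the project's sample script. The path and the hash
// below are placeholders (assumptions) to replace with your own values.

// Step 2: eppj.txt lives outside the web server's document root.
const EPPJ_FILE = '/usr/web/eppj.txt';

// Output of password_hash('your password', PASSWORD_DEFAULT), generated once
// on the command line. Storing the hash keeps the password out of the script.
const EPPJ_PWD_HASH = 'REPLACE_WITH_PASSWORD_HASH';

/**
 * Returns the response body for the supplied password:
 * "secure" (no password or wrong password), "" (error), or the file's text.
 */
function eppj_response($pwd, string $hash, string $file): string
{
    // A missing or non-string value (for example ?pwd[]=x) counts as no
    // password. password_verify() compares in constant time and returns
    // false for a malformed hash, so the placeholder above fails closed.
    if (!is_string($pwd) || $pwd === '' || !password_verify($pwd, $hash)) {
        return 'secure';
    }

    // Any failure to read the file is the "return nothing" case.
    if (!is_file($file) || !is_readable($file)) {
        return '';
    }
    $text = file_get_contents($file);
    return $text === false ? '' : $text;
}

header('Content-Type: text/plain');
// The password travels in the URL, so keep the response out of caches.
header('Cache-Control: no-store');
echo eppj_response($_GET['pwd'] ?? null, EPPJ_PWD_HASH, EPPJ_FILE);
```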

Note that you should use a sufficiently secure password to protect your data. You need to balance these two facts: 1) the shorter it is, the less secure it is, and 2) the longer it is, the harder it is for the intercessor to type when prompted for it. We recommend the following as a minimum: