UNDER THE TABLE

Written by:  TOM



Hiding Files -- a foolproof method.

Ever view a really neat page and want to see how it is made, but your source code viewer comes up blank?   Ever transload a great image and find some server logo or a blank box in your files when you go to check your newfound treasure?

How do they do that?
Most likely with .htaccess .

You ask, "Can I do that with my files?"
The answer is YES and NO.

You can always hide your files behind passwords and other coding devices and make your files invisible to all.   If that is what you want, why have webpages in the first place?   You can use .htaccess to limit viewing by browser type or IP number.   Most WebTV users have a very limited knowledge of what .htaccess can do or how it works.

Let's take a very non-technical look at .htaccess and clever scripts that are supposed to hide files.

Q:   Can I block viewing to PCs by allowing browsers on IP numbers (209.240) in my .htaccess and excluding all others?   Doesn't that prevent PCs and servers (transloaders, source viewers, etc) from seeing my files and codes; thereby preventing other WebTV users from seeing my source codes or stealing my pages?

A:   NO -- MSNTV owns the IP numbers 209.240.192.0 through 209.240.223.255.   That range includes 8192 IPs or possible servers.   By using 209.240. you are allowing the possibility of up to 65,536 different IPs to view your files.   That leaves 57,536 IPs other than those used by MSNTV that can view your files.  Most of those other IP numbers are owned by ISPs in the USA and Canada.
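An added example, not part of the original article: Python that expands the partial prefix `209.240` to the block it matches, compares it with the MSNTV range quoted above, and emits the tighter rule. The `Allow from` syntax is Apache's host-based access directive, assumed here because the article does not name one, and the client addresses are constructed.

```python
import ipaddress

# Range the article gives for MSNTV.
FIRST = ipaddress.IPv4Address("209.240.192.0")
LAST = ipaddress.IPv4Address("209.240.223.255")

def partial_to_network(prefix):
    """Expand an Apache-style partial IP such as "209.240" to the block it matches."""
    octets = prefix.rstrip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("a partial IP has 1 to 3 octets")
    dotted = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.IPv4Network("%s/%d" % (dotted, 8 * len(octets)))

def exact_blocks(first, last):
    """Smallest list of CIDR blocks that covers first..last and nothing else."""
    return list(ipaddress.summarize_address_range(first, last))

def admits(networks, client_ip):
    """True if any rule in `networks` would let `client_ip` through."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(ip in net for net in networks)

def audit(prefix, first, last):
    """Compare what the partial-prefix rule admits with the intended range."""
    allowed = partial_to_network(prefix)
    blocks = exact_blocks(first, last)
    intended = sum(b.num_addresses for b in blocks)
    if not all(b.subnet_of(allowed) for b in blocks):
        raise ValueError("prefix does not cover the intended range")
    return {
        "admitted": allowed.num_addresses,
        "intended": intended,
        "excess": allowed.num_addresses - intended,
        "rules": ["Allow from %s" % b for b in blocks],
    }

if __name__ == "__main__":
    report = audit("209.240", FIRST, LAST)
    print("Allow from 209.240 admits", report["admitted"], "addresses")
    print("intended range holds", report["intended"], "; excess:", report["excess"])
    print("tighter rule(s):", report["rules"])
    # Constructed client addresses: one inside the MSNTV range, one outside it.
    for ip in ("209.240.200.5", "209.240.10.1"):
        print(ip, "loose:", admits([partial_to_network("209.240")], ip),
              "tight:", admits(exact_blocks(FIRST, LAST), ip))
```

The tighter rule only narrows who can request the files; anything it serves still ends up in the viewer's cache.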

Q:   Can a WebTV user view my .htaccessed codes without using a source code viewer or other computer type tool?

A:   YES -- all files that are viewed on any browser are downloaded into that browser.   Anyone who knows how can call up the codes of any viewed file from the cache in their WebTV browser.

Q:   Isn't that breaking my security?   Isn't that hacking?

A:   NO -- What security? You allowed the codes to be downloaded.   They are in the browser, not your site.

Q:   Doesn't gzipping my pages and sigs prevent others from seeing my codes?   When I use a source code viewer, I see the computer mime for the zipped version.

A:   NO -- WebTV browsers can see gzipped files.   That means the browser is "translating" those gzips into html.   See previous two answers.

Q:   Many graphics sites block transloading.   What is the point in displaying images for the taking if we cannot transload them to our own accounts?

A:   The webmasters are blocking hotlinking -- not transloading per se.   If you have an account at Domania, Arbor Hosting or have your own transloader that includes a referrer built in, you can transload those files successfully.   The script makes the server think you are viewing from the site and not viewing from afar (linking).

Q:   Can I use a special script to prevent PC viewers from downloading my files?

A:   NO -- any file that any browser sees or hears is already downloaded into the drive that houses that browser.   The user only needs to find the file among his temporary internet files (cache) and save it to a permanent folder in his PC.   Those no-right-click scripts are, at best, a bad gimmick and, at worst, a terrible joke. They are, in my opinion, the biggest waste of time and bytes on the internet.

Q:   Will .htaccess hide my files from crackers, bots, search engines and other referral engines?

A:   NO -- it may be 99+% effective.   It only takes one breach to let your files out into the cyberworld.

Q:   What are some things that you have "found" that were hidden behind .htaccess or scripts intended to hide intruders?

A:   Here is a short list:

  • Well, the first thing I found was on an ISP's free website.   A businessman had a pic of his mistress among his files.   I emailed him privately and told him I stumbled across it with my WebTV.   (ftp access with my LBB)
  • A link to the temp files on a popular banner maker site.   I could see all the banners created by the users for about a two day span.   (search engine)
  • A page of passwords to all the websites of a guy and his girlfriend.   A letter his girlfriend wrote to his wife -- why on a webpage, I do not know.   (search engine - both links)
  • Several of my own pages, copied from behind .htaccess.   (tracker links)
  • Embedded links to someone's private random midi generator.   (server access logs)
  • Malicious scripts that caused LBBs to crash.   Reported to server owner and site was denied further use of .htaccess.

Q:   So, what is the best way to hide our files?

A:   There is only one way to ensure that your passwords, account numbers, PINs, private notes, embarrassing pictures, or other goodies do not become "public".   NEVER put them on a web server -- PERIOD.   Only put there what you wish to and can afford to share with the cyberworld.

Until next time, blessings to all.


