


Can I search my password protected directories?

Yes! After you have started an account, you can set a name and password entry that lets the indexer search a protected directory and all of its subdirectories, using the basic HTTP authorization protocol - that's the little grey box that pops up to ask for a name and password before going any further. (If your grey box also asks for a Domain, you need to select basic authentication in your Microsoft Internet Information Server.) Free accounts get just one HTTP password entry, and paying accounts can have three. Note that the Password Protected Directory feature is available in the account manager only after sign-up, so if your entire site is password protected you will need to sign up for your account by indexing a different site first, then set the password feature and reindex for your intended site later.

If your password protection is by scripts and cookies, this can also work. PicoSearch will hold and pass your cookies when indexing (assuming they are server-side cookies in the "Set-Cookie:" field of the HTTP header; client-side cookies set in JavaScript will not be handled by PicoSearch). You may need to give PicoSearch an entrance URL that sets the login cookies at the beginning of indexing, including the password arguments in the URL args. So something like this as an Entry Point for PicoSearch might work well: http://www.mysite.com/login.asp?user=picosearch&password=allowpico
Please note that this is just an example of the format. To get the real variable names, look at the HTML code of your actual login page. The name of your login script is in the <form action="login.asp" method="post" ...> tag, and the CGI args are in the <input name="user/password" ...> lines.

If you construct the CGI URL with all input args and your site still goes back to the login page, it's possible that your server is accepting only method="post" requests, and you must find your server's option to allow method="get", i.e. GET requests which show the args in the URL like the one you have made. Other ideas include making a page that sets the cookies without requiring args (just make sure no one else knows about it but PicoSearch), or setting your server to allow PicoSearch into the site by recognizing the IP (contact us for the IP ranges that cover PicoSearch).
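
The procedure above (read the form's action and input names from the login page, then build a GET URL with all input args) as an added example, not PicoSearch code. The class, function name and sample HTML are constructed for illustration, and the rule that text inputs take the user name while hidden inputs keep their values is an assumption about a typical login form.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin

class LoginFormParser(HTMLParser):
    """Record action, method and inputs of the first <form> on a page."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.inputs = None, "get", []
        self._state = "before"            # before -> inside -> after

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self._state == "before":
            self._state = "inside"
            self.action = a.get("action") or ""
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and self._state == "inside" and a.get("name"):
            kind = (a.get("type") or "text").lower()
            self.inputs.append((a["name"], kind, a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._state == "inside":
            self._state = "after"

def build_entry_point(page_url, html, user, password):
    """Return (entry_url, declared_post) for the first form in html."""
    form = LoginFormParser()
    form.feed(html)
    if form.action is None:
        raise ValueError("no <form> found")
    args = []
    for name, kind, value in form.inputs:
        if kind == "password":
            args.append((name, password))
        elif kind in ("text", "email"):   # assumed to be the user name field
            args.append((name, user))
        elif kind == "hidden":            # carried over unchanged
            args.append((name, value))
    target = urljoin(page_url, form.action)
    sep = "&" if "?" in target else "?"
    return target + sep + urlencode(args), form.method == "post"

# Constructed sample login page (not from a real site).
SAMPLE = """<form action="login.asp" method="post">
<input name="user" type="text"> <input name="password" type="password">
<input type="hidden" name="next" value="/members/">
<input type="submit" value="Log in"></form>"""

if __name__ == "__main__":
    url, post = build_entry_point("http://www.mysite.com/login.asp", SAMPLE,
                                  "picosearch", "allowpico")
    print(url)
    if post:
        print("form declares method=post: server may reject this GET URL")
```

Because the resulting URL carries the password, it will be recorded in web server access logs; giving the indexer its own account, as the `user=picosearch` example does, keeps that exposure limited to one revocable credential.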
 
To use the HTTP password feature, go to the Password Protected Area settings of your account management control panel, after you have started your basic search engine. Provide a user name and password, as well as the name of the protected directory. Don't forget to change or add to your Entry Points as necessary so that the directory can be reached by following links. Now when you reindex, whenever PicoSearch comes to that directory, it will be privileged to enter just like any user to whom you have given special access.

When a user finds protected documents in their search results, they will still have to provide their own authorization to fully view the documents, just as if they had surfed there on their own. And since PicoSearch's text excerpts could "leak" some information to unauthorized viewers (if you chose to offer the search engine outside of the protected area, for example), you also have the option to turn the excerpts off just for those documents. In this way, PicoSearch can facilitate access to your website without compromising your security measures.

If you have other kinds of ASP or cookie-based authentication that you can't get to work directly, you can still get PicoSearch to index your site by one of the tricks used for SSL servers - see the SSL FAQ.


Patents Pending. Copyright © PicoSearch LLC