PDA

View Full Version : password protection



albsure
11-14-2003, 10:42 AM
With the help of this site I have developed my company's website. (http://www.corrosionlab.com)
I now would like to add a subweb that is password protected. The subweb will have multiple user access and must be secure.

Any suggestions for software or if it is possible for me to do.

chromate
11-14-2003, 11:07 AM
You could do it with .htaccess to protect a directory. Or you could use a scripting language like PHP and a database to store the passwords.

.htaccess is probably easier if you don't have any experience with PHP. You just edit it like a normal text file.

Chris
11-14-2003, 11:26 AM
Sometime your host will have a control panel that automates the .htaccess password protecting process.

albsure
11-20-2003, 01:16 PM
Thanks for the tip but I might need the protected files to be encrypted. I don't think htaccess does this.
Is there way to do encryption another way?

Chris
11-20-2003, 02:38 PM
How are you going to view the encrypted files?

There is such a thing as an encrypted connection, that may be what you're looking for.

albsure
11-20-2003, 02:53 PM
Sorry, I did mean an encrypted connection.

Chris
11-20-2003, 05:19 PM
You need an SSL certificate (try instantssl.com). A hosting account that can support SSL as well.

This will encrypt the data between your server and the client's computer. This is not password protection.

albsure
11-21-2003, 02:43 PM
thanks

bugsy
11-23-2003, 09:18 PM
If you are using apache, here is how to password protect your directory:

1. Place the following code in your virtual server (in the apache.conf file):

<Directory /home/mysite/htdocs/protectedDir>
AllowOverride All
order allow,deny
allow from all
</Directory>

2. Create the .htaccess file in the directory which will be protected (or in other more secure location). Enter the following:


order allow,deny
allow from all
require valid-user
Authname DirectoryName
Authtype Basic
AuthUserFile /full_path/htpasswd_file


3. Creating a new htpasswd file.

$ /usr/sbin/htpasswd -c htpasswd_file username


It will prompt you for the password twice.
The "-c" option creates a new file. Enter the command without this option to only add a user to an existing file.


Then restart apache with the follow command: service httpd restart

albsure
11-25-2003, 11:55 AM
Is this protected directory setup correctly?

http://www.corrosionlab.com/Restricted/restrict.htm

Chris
11-25-2003, 12:30 PM
I can't access it. So long as the username and password works I'd say yes.

albsure
11-25-2003, 12:39 PM
Can robots still spider the protected directory?

Chris
11-25-2003, 12:40 PM
No