View Full Version : password protection

11-14-2003, 10:42 AM
With the help of this site I have developed my company's website. (http://www.corrosionlab.com)
I now would like to add a subweb that is password protected. The subweb will have multiple user access and must be secure.

Any suggestions for software or if it is possible for me to do.

11-14-2003, 11:07 AM
You could do it with .htaccess to protect a directory. Or you could use a scripting language like PHP and a database to store the passwords.

.htaccess is probably easier if you don't have any experience with PHP. You just edit it like a normal text file.

11-14-2003, 11:26 AM
Sometime your host will have a control panel that automates the .htaccess password protecting process.

11-20-2003, 01:16 PM
Thanks for the tip but I might need the protected files to be encrypted. I don't think htaccess does this.
Is there way to do encryption another way?

11-20-2003, 02:38 PM
How are you going to view the encrypted files?

There is such a thing as an encrypted connection, that may be what you're looking for.

11-20-2003, 02:53 PM
Sorry, I did mean an encrypted connection.

11-20-2003, 05:19 PM
You need an SSL certificate (try instantssl.com). A hosting account that can support SSL as well.

This will encrypt the data between your server and the client's computer. This is not password protection.

11-21-2003, 02:43 PM

11-23-2003, 09:18 PM
If you are using apache, here is how to password protect your directory:

1. Place the following code in your virtual server (in the apache.conf file):

<Directory /home/mysite/htdocs/protectedDir>
AllowOverride All
order allow,deny
allow from all

2. Create the .htaccess file in the directory which will be protected (or in other more secure location). Enter the following:

order allow,deny
allow from all
require valid-user
Authname DirectoryName
Authtype Basic
AuthUserFile /full_path/htpasswd_file

3. Creating a new htpasswd file.

$ /usr/sbin/htpasswd -c htpasswd_file username

It will prompt you for the password twice.
The "-c" option creates a new file. Enter the command without this option to only add a user to an existing file.

Then restart apache with the follow command: service httpd restart

11-25-2003, 11:55 AM
Is this protected directory setup correctly?


11-25-2003, 12:30 PM
I can't access it. So long as the username and password works I'd say yes.

11-25-2003, 12:39 PM
Can robots still spider the protected directory?

11-25-2003, 12:40 PM