Fog Creek Software
Discussion Board




Password protect webpages

Hi, just need some advice.

I need to password protect a webpage. It does not need very advance password features, just enough to prevent people from viewing source and getting the passwords.

Most of the Javascript samples out there can be  easily broken just by disabling Javascript on the browser.

I did some searching and CGI scripts are the other choice. There are free CGI password providers where you store the passwords on their servers. Is this safe, since how long will this type companies host it for free anyway?

Just curious, how do you all protect your webpages without using database?

Thanks in advance.

suhu
Monday, July 07, 2003

A database isn't required. What web server are you running?

Brad Wilson (dotnetguy.techieswithcats.com)
Monday, July 07, 2003

Unless you're planning something really elaborate, a database is complete overkill. This is a trivial problem.

If you're on an Apache type web server, look around the net for documentation on a type of file called .htaccess. Basically, in Apache you create and place a file named .htaccess in the directory that you wish to password protect. The web server will cause the user's browser to pop up a message box asking for a user name and password. The user/pass combination must be listed in an outboard password file pointed to by the .htaccess file in order for Apache to let the user see the directory. Otherwise the user gets a 'forbidden' (403?) error.

If you're on IIS, it appears that IIS's administration program provides for per-directory password protection.

I found an article through Google on this subject that is a very good overview of several web server implementations, including IIS and Apache:

http://www.hwg.org/lists/hwg-servers/passwords.html

Bored Bystander
Monday, July 07, 2003

.htaccess

look it up.

www.marktaw.com
Monday, July 07, 2003

I guess boredbystander beat me to it.

www.marktaw.com
Tuesday, July 08, 2003

Are you running your site on Apache? If so you could always try a .htaccess file...

Jack of all
Tuesday, July 08, 2003

Damn, I really gotta stop skimming... what Mark said.

Jack of all
Tuesday, July 08, 2003

HA HAHA HA HA HA HA HA HA

www.marktaw.com
Tuesday, July 08, 2003

Thanks for all the advice.

I think I can manage it from here.

suhu
Tuesday, July 08, 2003

Did anyone mention .htaccess?

Aych Tee Access
Tuesday, July 08, 2003

thank gawd these posts stick... sometimes this forum takes itself too seriously.

www.marktaw.com
Wednesday, July 09, 2003

Hey, if the stuff posted above doesn't work out, you can always just whip together an .htaccess file.

timmy
Friday, July 11, 2003

This directives doesn't work in apache httpd file (I don't want to use .htaccess)
what is wrong in these code?
(www/popic/www represents directory)

<Directory D:/www/popic/www>
AuthUserFile D:/www/popic/www/.htpasswd
AuthName "Members Only Area"
AuthType Basic
Require user zelovic
</Directory>

z.v.
Sunday, January 25, 2004

*  Recent Topics

*  Fog Creek Home