Fog Creek Software
Discussion Board

Password protect webpages

Hi, just need some advice.

I need to password protect a webpage. It does not need very advance password features, just enough to prevent people from viewing source and getting the passwords.

Most of the Javascript samples out there can be  easily broken just by disabling Javascript on the browser.

I did some searching and CGI scripts are the other choice. There are free CGI password providers where you store the passwords on their servers. Is this safe, since how long will this type companies host it for free anyway?

Just curious, how do you all protect your webpages without using database?

Thanks in advance.

Monday, July 7, 2003

A database isn't required. What web server are you running?

Brad Wilson (
Monday, July 7, 2003

Unless you're planning something really elaborate, a database is complete overkill. This is a trivial problem.

If you're on an Apache type web server, look around the net for documentation on a type of file called .htaccess. Basically, in Apache you create and place a file named .htaccess in the directory that you wish to password protect. The web server will cause the user's browser to pop up a message box asking for a user name and password. The user/pass combination must be listed in an outboard password file pointed to by the .htaccess file in order for Apache to let the user see the directory. Otherwise the user gets a 'forbidden' (403?) error.

If you're on IIS, it appears that IIS's administration program provides for per-directory password protection.

I found an article through Google on this subject that is a very good overview of several web server implementations, including IIS and Apache:

Bored Bystander
Monday, July 7, 2003


look it up.
Monday, July 7, 2003

I guess boredbystander beat me to it.
Tuesday, July 8, 2003

Are you running your site on Apache? If so you could always try a .htaccess file...

Jack of all
Tuesday, July 8, 2003

Damn, I really gotta stop skimming... what Mark said.

Jack of all
Tuesday, July 8, 2003

Tuesday, July 8, 2003

Thanks for all the advice.

I think I can manage it from here.

Tuesday, July 8, 2003

Did anyone mention .htaccess?

Aych Tee Access
Tuesday, July 8, 2003

thank gawd these posts stick... sometimes this forum takes itself too seriously.
Wednesday, July 9, 2003

Hey, if the stuff posted above doesn't work out, you can always just whip together an .htaccess file.

Friday, July 11, 2003

This directives doesn't work in apache httpd file (I don't want to use .htaccess)
what is wrong in these code?
(www/popic/www represents directory)

<Directory D:/www/popic/www>
AuthUserFile D:/www/popic/www/.htpasswd
AuthName "Members Only Area"
AuthType Basic
Require user zelovic

Sunday, January 25, 2004

*  Recent Topics

*  Fog Creek Home