Ravens PHP Scripts: Forums
 

 

hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

Posted: Tue May 31, 2005 5:29 pm

I'm not the author of this, but I just found it, and it can be useful to those who need it or can use it...
I know it's kiddy stuff, but it could be helpful for some... :)


    Ever wanted a specific directory in your site to be available only to people who you want it to be available to?
    Ever got frustrated with the seeming holes in client-side options for this that allowed virtually anyone with enough skill to mess around in your source to get in?

    htaccess is the answer!

    There are numerous methods of password protecting areas of your site, some server-language based (such as ASP, PHP or Perl) and some client-side based, such as JavaScript.
    JavaScript is not as secure or foolproof as a server-side option; a server-side challenge/response is always more secure than a client-dependent challenge/response.
    htaccess is about as secure as you can or need to get in everyday life, though there are ways above and beyond even that of htaccess.
    If you aren't comfortable enough with htaccess, you can password protect your pages any number of ways, and JavaScript Kit has plenty of password protection scripts for your use.

    The first thing you will need to do is create a file called .htpasswd.
    I know, you might have problems with the naming convention, but it is the same idea behind naming the htaccess file itself, and you should be able to do that by this point.
    In the htpasswd file, you place the username and password (which is encrypted) for those whom you want to have access.

    For example, a username and password of wsabstract (and I do not recommend having the username being the same as the password), the htpasswd file would look like this:

Code:


wsabstract:y4E7Ep8e7EYV



    Notice that it is UserName first, followed by the Password.
    There is a handy-dandy tool available for you to easily encrypt the password into the proper encoding for use in the htpasswd file.

    For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd); it should be placed above your www root directory.
    You'll be specifying the location to it later on, so be sure you know where you put it. Also, this file, as with htaccess, should be uploaded as ASCII and not BINARY.

    Create a new htaccess file and place the following code in it:

Code:


AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user wsabstract



    The first line is the full server path to your htpasswd file.
    If you have installed scripts on your server, you should be familiar with this.
    Please note that this is not a URL, this is a server path.
    Also note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn't your exact goal.

    The second to last line require user is where you enter the username of those who you want to have access to that portion of your site.
    Note that using this will allow only that specific user to be able to access that directory.
    This applies if you had an htpasswd file that had multiple users setup in it and you wanted each one to have access to an individual directory.
    If you wanted the entire list of users to have access to that directory, you would replace Require user xxx with require valid-user.

    The AuthName is the name of the area you want to access. It could be anything, such as "EnterPassword". You can change the name of this 'realm' to whatever you want, within reason.

    We are using AuthType Basic because we are using basic HTTP authentication.
 
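An added example (not part of the original post or of the article it quotes): a small Python audit of the setup described above. It checks that AuthUserFile lies outside the web root, that every `require user` name exists in the .htpasswd file, and flags password fields stored as legacy crypt(), plain text or unsalted SHA-1. The document root `/usr/local/you/www` and all function names are assumptions.

```python
import posixpath

def hash_scheme(field):
    """Classify an htpasswd password field by its documented prefix."""
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"
    return "crypt-or-plaintext"  # no prefix: legacy crypt() or plain text

def parse_htpasswd(text):
    """Return {username: password_field} from .htpasswd contents."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split(":", 1) for l in lines if ":" in l and not l.startswith("#"))
    return {name: field for name, field in pairs}

def parse_htaccess(text):
    """Return {directive (lowercased): [argument list, ...]}."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            found.setdefault(parts[0].lower(), []).append(parts[1:])
    return found

def audit(htaccess_text, htpasswd_text, docroot):
    """Check the points the article makes; return a list of findings."""
    findings = []
    conf, users = parse_htaccess(htaccess_text), parse_htpasswd(htpasswd_text)
    root = posixpath.normpath(docroot)
    for args in conf.get("authuserfile", []):
        path = posixpath.normpath(args[0].strip('"')) if args else ""
        if path == root or path.startswith(root + "/"):
            findings.append("AuthUserFile is inside the document root: " + path)
    for args in conf.get("require", []):
        if args and args[0].lower() == "user":
            findings += ["require user names unknown account: " + n
                         for n in args[1:] if n not in users]
    for name, field in users.items():
        if hash_scheme(field) in ("sha1-unsalted", "crypt-or-plaintext"):
            findings.append(f"{name}: weak password format ({hash_scheme(field)})")
    return findings

# The article's own files (AuthGroupFile/AuthName omitted); docroot is assumed.
PAGE_HTACCESS = ("AuthUserFile /usr/local/you/safedir/.htpasswd\n"
                 "AuthType Basic\nrequire user wsabstract\n")
PAGE_HTPASSWD = "wsabstract:y4E7Ep8e7EYV\n"
if __name__ == "__main__":
    print(audit(PAGE_HTACCESS, PAGE_HTPASSWD, "/usr/local/you/www"))
```

Run against the article's files, the only finding is the password format; regenerating the entry with `htpasswd -B` stores it as bcrypt instead.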
VinDSL
Life Cycles Becoming CPU Cycles



Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

Posted: Tue May 31, 2005 7:54 pm

Basic auth works fine, but I've grown to prefer cookie auth. I dunno, maybe it's just me, but basic auth seems so kludgey!

Good article, though! Thanks for sharing... ;)

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: VinDSL's Lenon.com | The Disipal Site ::. 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Tue May 31, 2005 9:21 pm

That's the method we use for Cgi Auth -> [ Only registered users can see links on this board! Get registered or login! ] and is used in NukeSentinel(tm)
 
hitwalker







Posted: Wed Jun 01, 2005 1:07 am

Yeah, I know it's simple, but the reason for posting is that it was well and understandably explained... :)
 
All times are GMT - 6 Hours
 