MaiaTech Web Hosting and Online Application Development

Home

Web Hosting and Domain Registration
Domain
Registration
Domain Registration
Web Hosting
Web Hosting
Programming
Web Site Programming CGI PHP MySQL
Help
Help Web Hosting and Domain Registration Clients
Contact Us
Contact Us for Web Hosting and Domain Registration

Sign Up
Online

Client
Web Sites

Pay Bills
Online


Powered by
The Penguin

Get Firefox!

Get Free Online
Disk Space!

Setting up Password Protected Areas

1) Basically, you place all pages that you want protected into a sub-directory. For example, you might make a sub-directory called "members".

2) Then you create a file named ".htaccess" and place it in that directory. The contents of that file are something like this:

AuthUserFile /virtual/yourusername/passwdfile
AuthName "PasswdArea"
AuthType Basic
require valid-user

The various parts of the file are explained below:
AuthUserFile - specifies the file where the actual password(s) are stored.
AuthName - The Name of the Password Protected Area
AuthType - is the security type. Leave this as "Basic"

Note that your computer (Windows or Mac) may not like file names that start with a period, so you may need to save it locally as "htaccess", then change it's name once it is uploaded to the Linux server.

3) Create an encrypted version of your username-password file. To do this, start with a plain text file, of the format:

username1:password1
username2:password2
username3:password3
etc....

Select the entire file and copy it to the clip-board, then go to the following web page, that I have set up as a utility for creating encrypted password files:

http://maiatech.com/utils/passwdconverter.phtml

There, you will paste in the unencrypted username-password text, and then submit the form. This will result in an encrypted user-name password text that looks like this:

username1:KHyd6Hkre
username2:RkBa1776
username3:OiVeyDatsVrd
etc....

Copy the resulting encrypted username-password text to a new text file with the name specified in your .htaccess file, and upload it to the location specified in the .htaccess file.

There are other ways of making your encrypted password file.

This is one that does notrequire any additional CGI features or scripting on your site. If you have CGI, you can install (or pay me to install) one of many available scripts that allows you to add, delete and change usernames and passwords with an online form. It is even possible to incorporate this sort of thing into a "pay-for-access" web site, where clients pay a subscription fee with a credti card, and upon verification of payment, their chosen username and password are added to the password file. If you want something like this, but don't know how to program it yourself, email info@maiatech.com and we'll discuss your project.

4) Then you place your encrypted file of usernames and passwords in the location specified in your .htaccess file. Always place this outside the public_html directory, to make it harder for people to read and try to decrypt the passwords. For example, place it at the root of your home directory. Note that for security reasons, you are restricted to your home directory, but that the actual location on the server is a little different. In the example above, the file "passwdfile" is located in your home directory, but the true location of it is "/virtual/yourusername/passwdfile".

 


   • 410-788-1148 • © MaiaTech 2004