Does anyone know how to put a password on a certain part of your website? I want a public part of the website but I also need a certain part of it to be private. Does anyone know a simple way to add password protection?
Assuming you have an Apache server, you can read all about it here. It opens up a world of possibilities in plain English:
But keep in mind that a plain vanilla .htaccess configuration is not very secure. It’s enough to keep casual users out out but trivial for a serious hacker to break into.
Thanks for the advice all, it’s an Apache server and I set it up already
I don’t think I need to keep out any serious hackers, so I think this’ll be just fine
Really ! trivial I don’t think so. I have set up quite a few .htaccess files, and unless you are using some options I have never heard of , or doing things like running on an insecure server ( which defeats the purpose anyway ) .htaccess is very secure.
I’m assuming that he’s not running SSL and is planing to use basic authentication. In that case, the user name and password will be encoded in base 64 in the header. That’s pretty trivial to decode. So the security is about the same as using telnet. Of course if you think telnet is secure…
Quite true for basic auth. However that passwords
are sent in the clear is not only a problem of .htaccess.
Any password method would have the same problem
if it wasn’t using SSL. Cookie based access methods
also send login/state information over the wire.
If you use mod_auth_digest the password is sent as
a MD5 digest, which is more secure. It does however
send information over the wire if you are not using
SSL, just not in the clear.
So if you want to secure something use SSL.
And as for telnet , I cannot remember the last time
I used it. I won’t even use ftp for the same reason
( cleartext passwords ) . scp and ssh are the two I use.
So if you want to be secure use SSL, SSH, and SCP.
( And of course keep your box up to date )