Password Protecting Web Pages
Do not use this to post sensitive information, e.g., grades, student id numbers.
This information is for Linux users, but can be adapted by windows users.
Say you want to put information on the web that you want your class, but no one else, to have access to. Or say you want to put information on the web that people can access but not robots (i.e., you do not want it indexed by google).
Here is a method that is reasonably secure for doing so. (Any information that is highly sensitive might require better protection.)
Here is how it works in concept. First create a directory in your web accessible directory, say Public_html/myclassInfo/ . Make sure it has execute permissions so web browsers can access files in it.
The idea is to password protect this directory so that whenever a browser attempts to access a file in this directory, the user will be presented with a panel asking for a username and password that must be filled in correctly before access is granted.
Two files are needed (make sure both have universal read permissions). One is called .myclassinfopasswds (or whatever). Put this file in Public_html (not in myclassinfo) or, even better, put it in your home directory, beyond the reach of web browsers. This file will contain a list of usernames and passwords. Inside myclassinfo put a file called .htaccess This will tell the server where to find the file we're calling .myclassinfopasswds.
Here is what should be in the file .htaccess:
AuthUserFile /Full/Path/To/File/.myclassinfopasswds AuthGroupFile /dev/null AuthName ByPassword AuthType Basic <Limit GET POST> require valid-user </Limit>
Here is what goes in the file .myclassinfopasswds
username1:EtTpDmezeFZPU username2:Ox3I9uW/XvQs.
Each line of .myclassinfopasswds consists of a username and an encrypted password. You can make the usernames anything you want. A user will be given viewing access if the user enters any username and its corresponding password, when requested by the web server.
Here is how to generate the required encrypted password. On most UNIX systems you simply run the following command at the prompt in a terminal window:
htpasswd -nb username1 jhsdj
Here the username is username1, and the password is jhsdj .The output of the command will be the encrypted form
of jhsdj, say EtTpDmezeFZPU, which goes in the file .myclassinfopasswds as a line of the form:
username1:EtTpDmezeFZPU
Note the htpasswd command is only found on our webserver, www.math.unl.edu, so you will need to ssh to that machine to run the command.
You will of course have to tell your users what their usernames are and what each corresponding password is. If you just want to keep robots out, include a note about what the username is and password is at the same point that you have a link to the protected directory.
