Password protection in html
This information is for Linux users, but can be adapted
by windows users.
Say you want to put information on the web that
you want your class, but no one else, to have access to.
Or say you want to put information on the web that
people can access but not robots (i.e., you do not want it
indexed by google).
Here is a method that is reasonably secure for doing so.
(Any information that is highly sensitive might
require better protection.)
Here is how it works in concept. First create
a directory in your web accessible directory,
say Public_html/myclassInfo/ . Make sure it has
execute permissions so web browsers can access
files in it.
The idea is to password protect this directory so that
whenever a browser attempts to access a file in this
directory, the user will be presented with a
panel asking for a username and password
that must be filled in correctly before
access is granted.
Two files are needed (make sure both have universal read permissions).
One is called ".myclassinfopasswds" (or whatever).
Put this file in Public_html (i.e., not in myclassinfo/ ) or, even
better, put it in your home directory, beyond the reach of web
browsers. This file will contain a list of usernames and passwords.
Inside myclassinfo/ put a file called ".htaccess". This will
tell the server where to find the file we're calling
Here is what should be in the file .htaccess:
Note: Replace /Net/mathstat/Users/Fac/XXX by the pathname of
the directory where you put the file .myclassinfopasswds .
Here is what goes in the file ".myclassinfopasswds":
Each line of ".myclassinfopasswds" consists of a username and an
encrypted password. You can make the usernames anything you
want. A user will be given viewing access if the user
enters any username and its corresponding password, when requested
by the web server.
Here is how to generate the required encrypted password.
On most UNIX systems you simply run the following
command at the prompt in a terminal window:
htpasswd -nb jdoe jhsdj
Here the username is jdoe, and the password is jhsdj .
The output of the command will be the encrypted form
of jhsdj, say EtTpDmezeFZPU, which goes in the file
".myclassinfopasswds" as a line of the form:
Unfortunately, our Linux system does not recognize the command
htpasswd. The answer is to log on to another UNIX system (most
will recognize htpasswd), or visit a website, such as
http://www.xs4all.nl/~remcovz/htpasswd.html, which will run the command for you.
You will of course have to tell your users what their usernames are and what
each corresponding password is. If you just want to keep robots out,
include a note about what the username is and password is at the same point
that you have a link to the protected directory.