Action, protest, campaigns, demos and issues magazine features, photos, articles, stories photos of London, New York, Wales, England and photography features music, parties, clubs, events, records, releases drug information, harm reduction, no-nonsense guide punch a celebrity football, features, issues, cardiff city games, useless games and diversions technical info, web authoring, reviews and features site news, updates and urban75 blog urban75 community news and events urban75 bulletin boards join the chatroom search urban75 back to urban75 homepage
London features, photos, history, articles New York features, photos, history, articles Brixton features, photos, history, articles panoramas, 360 degree vistas, London, New York, Wales, England Offline London club night festival reports, photos, features and articles urban75 sitemap and page listing about us, info, FAQs, copyright join our mailing list for updates and news contact urban75
web question and answers

« Q & A page

« tech pages

Q: Adding secure password protection to a site
by Mike Slocombe

Q: I want visitors to register and login using a username and password to use the free resources on my site. I've managed to write a JavaScript applet that validates usernames and passwords contained in a script. But it's insecure - if you view source, you can find out the username and password. I also want registration to be instant. Could you help me, or point me in the direction of a free service that provides this?
David Mytton

A: There are many free scripts and services available on the Web that can provide sites with basic - or advanced - password protection.

For the most secure protection, you're going to need access to your CGI-bin, where you'll be able to use some of the excellent free (and commercial) scripts available from resource sites such as and

For basic file protection, user authentication requires that visitors type in a username and password before they're allowed access to a document.

Password protect your pages Setting up user authentication takes two steps.

First, you create a file containing the usernames and passwords.

Second, you tell the server what resources are to be protected and which visitors are allowed (after entering a valid password) to access them.

You'll have to make sure that your ISP lets you edit the .htaccess file needed for this to work - contact it and check.

If it does, you can work out how to protect access from the step by step tutorial on password-protecting folders at

If you can't get access to your cgi-bin, there's a remotely hosted service that lets people register online and gain password access, and the ad-festooned version is free - find it at

If you're using PHP, check out the scripts at ASP users can find a this article on Microsoft's site: Password Protect Your ASP Pages

The most popular way of password protecting directories is to use .htaccess. You have to make sure that you server runs Unix or Linux, or any version of the Apache web server - although your host may not allow you to use it

A .htaccess file is a simple text file which doesn't just password protect folders - you can also use it for redirecting users automatically, custom error pages, changing your file extensions, banning users with certain IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file.

More info:
Comprehensive guide to .htaccess
Protecting Content With .htaccess Files - tutorial
.htaccess Tutorial

May 2004

urban75 - community - action - mag - photos - tech - music - drugs - punch - football - offline club - brixton - london - new york - useless - boards - help/FAQs - © - design - contact - sitemap - search