« Q & A page
« tech pages
Q: Adding secure password protection to a site
by Mike Slocombe
A: There are many free scripts and services available on the Web that can provide sites with basic - or advanced - password protection.
For the most secure protection, you're going to need access to your CGI-bin, where you'll
be able to use some of the excellent free (and commercial) scripts
available from resource sites such as cgi.resourceindex.com and Simplythebest.net.
For basic file protection, user authentication requires that
visitors type in a username and password before they're allowed access
to a document.
Setting up user authentication takes two steps.
First, you create a file containing the usernames and passwords.
Second, you tell the server what resources are to be protected and which visitors are allowed (after entering a valid password) to access them.
You'll have to make sure that your ISP lets you edit the .htaccess file needed
for this to work - contact it and check.
If it does, you can work out how to protect access from the step by step tutorial on password-protecting folders at www.apacheweek.com.
If you can't get access to your cgi-bin, there's a remotely hosted service that lets people register online and gain password
access, and the ad-festooned version is free - find it at www.fido7.com/free-cgi/auth.
If you're using PHP, check out the scripts at hotscripts.com. ASP users can find a this article on Microsoft's site: Password Protect Your ASP Pages
The most popular way of password protecting directories is to use .htaccess. You have to make sure that you
server runs Unix or Linux, or any version of the Apache web server - although your host may not allow you to use it
A .htaccess file is a simple text file which doesn't just password protect folders - you can also use it for redirecting users automatically, custom error pages, changing your file extensions, banning users with certain IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file.
Comprehensive guide to .htaccess
Protecting Content With .htaccess Files - tutorial