o^3 Cubic Circle

Password protecting WWW pages

Password protection for WWW pages is a standard extension available on this WWW server.

Say, for example, you'd like to protect a subtree from your www pages from unauthorised access. If this subtree is under the ~yourloginname/www/protect directory, then this is what you could do:
  1. Create a file named ~yourloginname/www/protect/.htaccess with the following content:
    authuserfile /u/yourloginname/www/protect/.passwords
    authname The supercalifragilistic protected pages
    authtype basic
    
    <limit get post put>
    require valid-user
    </limit>
    
    This file tells the WWW server that all get, post and put operations in this subtree should not be allowed to anyone other than people present and identified through the password file specified above. The value specified after authname must be something which uniquely identifies your (protected) website.

  2. Create a file named ~yourloginname/www/protect/.passwords with the following content:
    stephen:WTjaZHUzELy8Y
    geronimo:AUxL5zn3qe/HY
    
    This file contains username:password pairs. The password is in a special one-way encrypted format. To generate this encrypted format, use the password encryptor.

Giving it a try

The password for the stephen account in the example above is secret; the password for geronimo is hello. Try accessing the protected page without giving it a correct username and password; then try it with a valid pair.