password protecting a folder

[don]

I have a folder in my public html folder which I would like to password
protect so that only certain people would be able to open this link.

How would I do this.......... my website is on a Unix hosting
account........... www.mywebsite.com/privateFolder

Thanks.........

 

[richard]

I have a folder in my public html folder which I would like to password
protect so that only certain people would be able to open this link.

How would I do this.......... my website is on a Unix hosting
account........... www.mywebsite.com/privateFolder

Thanks.........

ask your host if you can do that or not.
you would need a script for that either in javascript or php.
if you have php then you could set up a sql database and use that.

 

[Beauregard T. Shagnasty]

ask your host if you can do that or not.
Duh.

you would need a script for that either in javascript or php.
if you have php then you could set up a sql database and use that.

Oh my. That is soooo wrong! One does *not* password-protect a
directory at a web server with JavaScript or PHP. Impossible.

There are several ways that *will* work, but don did not mention what
kind of hosting software is being used (Unix is the OS, not the host).
Apache ... IIS ... If it is Apache,
Google for: apache password protect directory
Thousands of hits.

 

[dorayme]

ask your host if you can do that or not.
you would need a script for that either in javascript or php.
if you have php then you could set up a sql database and use that.

No, it can be done simply on many hosting set-ups if you have access to
..htaccess

This may help OP:

<http://www.freewebmasterhelp.com/tutorials/htaccess/1>

 

[don]

richard wrote:


There are several ways that *will* work, but don did not mention what
kind of hosting software is being used (Unix is the OS, not the host).
Apache ... IIS ... If it is Apache,
Google for: apache password protect directory
Thousands of hits.

Ok thanks - I googled and now I know what I need to do.......... it was
Apache, I thought it was a Unix permission thing I had to do.

 

[richard]

No, it can be done simply on many hosting set-ups if you have access to
.htaccess

This may help OP:

<http://www.freewebmasterhelp.com/tutorials/htaccess/1>

Very true.
However, that method has some security issues.
Anyone with the knowledge could hack it.
Using php and an sql database is,IMO, much more secure.
Or at least use a CGI script.

 

[richard]

Oh my. That is soooo wrong! One does *not* password-protect a
directory at a web server with JavaScript or PHP. Impossible.

There are several ways that *will* work, but don did not mention what
kind of hosting software is being used (Unix is the OS, not the host).
Apache ... IIS ... If it is Apache,
Google for: apache password protect directory
Thousands of hits.

http://www.zubrag.com/scripts/password-protect.php

Just one of a few hundred thousand.

 

[rf]

http://www.zubrag.com/scripts/password-protect.php

Just one of a few hundred thousand.

Just one of a few hundred thousand that do *not* password protect a folder.

Sure, it password protects access to the PHP scripts that are in that
folder, but that is all.

Please explain to all of us, RtS, how this can stop me from accessing, say,
an image from the folder that is "protected". *That* is what .htaccess
password protection is all about.


BTW you still have not explained why "have PHP" is required to be able to
set up "a sql database".

 

[rf]

Very true.
However, that method has some security issues.
Anyone with the knowledge could hack it.

Bullshit.

I have built a simple test for you RtS. Here is a folder protected via
..htaccess:

http://barefile.com.au/protected/

There is a file in there called index.html.

After you have used your "anyone with the knowledge" to hack it please list
here, for all of us to see, the contents of that file.

Hint: Nothing at all you can possibly do client side will convice Apache to
serve up that file unless you know the userid and password.

I'm waiting...

Using php and an sql database is,IMO, much more secure.
Or at least use a CGI script.

Your opinion is rather less than worthless RtS.

And how does PHP and an SQL database protect the image I have also put in my
folder? There is one there. Please also tell us all what is in that image.

 

[Beauregard T. Shagnasty]

http://www.zubrag.com/scripts/password-protect.php

Just one of a few hundred thousand.

...which won't work to protect content, only URLs/pages.

But then it is expected that you wouldn't know that.

 

[Doug Miller]

ask your host if you can do that or not.
you would need a script for that either in javascript or php.

What a load. How can javascript -- running on the CLIENT -- secure ANYTHING
that's stored on the SERVER??

And no, you don't need a script of any sort to secure a folder or directory. A
htaccess file does the job just fine. Perhaps you'd care to explain how you'd
go about using a PHP script to password-protect a directory. Better yet, *show
us*. Create a directory on your web host and "password protect" it with the
PHP script of your choice. Post the URL of that directory here and see how
long it takes for one of us to post a list of its contents.

if you have php then you could set up a sql database and use that.

More utter nonsense.
1) There is simply *no way* in which an SQL database can password-protect a
directory.
2) SQL does not require PHP.

 

[richard]

In addition to the other comments, your Web host most likely has a
Web-based Control Panel (usually in the Administration section once you
are logged onto your account) where you can do this quite easily.

But usually only for your use. Not for the general public.

 

[dorayme]

...

I think it has worked, Dick! The plan to seed a little conversation into
this usenet group after so much unbearable silence? Remember? You
know... where you make a play with the ball, any kind of play, nothing
fancy needed, and the whole of the rest of the rugby team pile in... <g>

 

[rf]

But usually only for your use. Not for the general public.

And just who is going to be password protecting this folder? The OP or the
general public?

My money is on the OP.

 

[freemont]

What a load. How can javascript -- running on the CLIENT -- secure
ANYTHING that's stored on the SERVER??

And no, you don't need a script of any sort to secure a folder or
directory. A htaccess file does the job just fine. Perhaps you'd care to

You're telling this to a guy who thinks that you need a script to view
metadata within a photo file.

Message-ID: <[email protected]>

 

[cwdjrxyz]

I have a folder in my public html folder which I would like to password
protect so that only certain people would be able to open this link.

How would I do this.......... my website is on a Unix hosting
account...........www.mywebsite.com/privateFolder

You have had many replys that are useful. There is another method that
should work on any server. You can create an encrypted self-extracting
zip file of a file or whole directory containing many files. You then
upload this encrypted zip file to your server. When one goes to the
url, you are offered to download it. If you select to download it, you
then double click on the encrypted file. A screen comes up asking for
a password. If you give the proper password, and enter, the zip file
is automatically extracted to give the file or directory containing
several files that you protected. Since the protected zip file is an
application with extension .exe, that alone will scare many away who
do not know you. If they insist on downloading anyway they are very
unlikely to be able to open the file if you use a very long password
containing upper and lower case letters and numbers. That is easy
enough to produce with a random password generator.

For an example, go to http://www.cwdjr.net/Aup/fan_dance.exe . The
password is althtml . Since this an .exe file, I suggest that anyone
who does not know me not try to open it since opening unknown
applications from groups can be a dangerous habit.

 

[dorayme]

For an example, go to http://www.cwdjr.net/Aup/fan_dance.exe . The
password is althtml . Since this an .exe file, I suggest that anyone
who does not know me not try to open it since opening unknown
applications from groups can be a dangerous habit.

I would suggest that it is ok for them to open it in this case even
though they don't know you. <g>

 

[rf]

You have had many replys that are useful. There is another method that
should work on any server. You can create an encrypted self-extracting
zip file of a file or whole directory containing many files. You then
upload this encrypted zip file to your server. When one goes to the
url, you are offered to download it. If you select to download it, you
then double click on the encrypted file. A screen comes up asking for
a password. If you give the proper password, and enter, the zip file
is automatically extracted to give the file or directory containing
several files that you protected. Since the protected zip file is an
application with extension .exe, that alone will scare many away who
do not know you. If they insist on downloading anyway they are very
unlikely to be able to open the file if you use a very long password
containing upper and lower case letters and numbers. That is easy
enough to produce with a random password generator.

I suggest that you do not offer any further advice on password protecting
folders.

For an example, go to http://www.cwdjr.net/Aup/fan_dance.exe . The
password is althtml . Since this an .exe file, I suggest that anyone
who does not know me not try to open it since opening unknown
applications from groups can be a dangerous habit.

My browser offers me the *ONLY* option of downloading this file.

How is this an answer to merely requesting a password before viewing, in a
browser, the contents of some folder?

 

[rf]

You're telling this to a guy who thinks that you need a script to view
metadata within a photo file.

Message-ID: [email protected]

And this is where RtS, having been proven wrong, disappears from the thread.

 

[Doug Miller]

And this is where RtS, having been proven wrong, disappears from the thread.

Question: I'm still fairly new here. I've seen a number of people refer to him
as RtS; apparently the R stands for his name, Richard -- what about tS?

I have a few speculations... but I think I'd prefer to keep them to myself
just now...