​A selection of topics on IT and its application to finance. 
​Send me your comments, questions ​or suggestions by clicking

Password protecting a web page

Here's the steps you need to take if you want to password protect one of your web pages. I'm assuming the connection to your host server is via command-line FTP so I'll be referring to UNIX commands for certain tasks but you can do the same things using a windows-based FTP program  like WSFTP.

1) First of all create a new directory under your home directory on the server where the page(s) will be stored. Lets say you call it 'safe'. In UNIX you'd type in the command
mkdir safe. Next you need to chmod the directory to 755 by typing chmod 755 safe.

2) Next you need to create two new files in your safe directory called .htaccess and .htpassword. Note that both of these filenames begin with a dot character which you may have problems re-creating if you're transferring them from a PC (non-UNIX) environment. The solution is to create them on the PC without the dot as part of their names. Once they're safely transferred to your host server they can be re-named to include the initial dot character.

3) The .htaccess file should contain the following text highlighted below.

AuthUserFile /home/your-isp-user-name/safe/.htpasswd
AuthName "This text will appear in the pop-up box asking for the username/password"
AuthType Basic
require valid-user

NB please substitute the strings your-user-name and your-web-page-name above with your own appropriate text. The Authname text can be anything you wish.

The .htaccess file must be chmod'd to 604. i.e
chmod 604 .htaccess

4)The .htpasswd file should contain a username and encrypted password for each user you want to have access to your password protected web page. Each username/password should be on a separate line. This file should also be chmod'd to 604. OK, so how do I get an encrypted password. Easy, just follow this link http://www.flash.net/cgi-bin/pw.pl. If this link no longer exists by the time you read this do a search on google and you'll find loads more. Ok, so once you're there you have to fill in a username box and your unencrypted password string. Once you have done this you will be presented with its encrypted version. It is this encrypted version along with your chosen username  which makes up the contents of your .htpasswd file. In the .htpasswod file the username and password are separated by a colon.

5) Finally, simply put the web page you want to protect into your
safe directory. You should find that any access attempted will result in the familiar username/password prompt screen appearing.

As a final note you should be warned that the encryption process carried out on your password is a long way from being secure. In fact a determined hacker would find it quite simple to crack it so please do not use it to protect sensitive company data, your bank account details or such like. For most things though it's good enough.