Web Passwording

Web Passwording

Be aware that web passwording is only marginally secure. Since the files are still world readable, this method of restricting access assumes that the user is attempting to gain access through an application which is html compliant, eg all web browsers. In the simplest example, a user with a shell account on the web page's machine has trivial access to the files. For much better security, use PGP encryption.

The existence of a .htaccess file in a web directory causes that directory (all the files in it, and subdirectories too) to be protected. The access file points to a password file which contains user/password pairs. More than one .htaccess file can point to the same password file.

Note that not all operating systems or machines support this feature. If the feature is supported however and you implement it correctly, I believe that all browsers will require the username and password before allowing access.

AuthUserFile /afs/athena.mit.edu/user/m/e/mer/www/JaneDoe/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET>
require user JaneDoe

This .htpasswd file only contains one user/password combo.