Protecting Your Pages(Part 2)
by Nathan Poole
Setting up htpasswd
The htpasswd program is a little more complicated to setup than Allow/Deny. It does require a little more work, a little more typing, and most of all, a little more concentration.
To get started you'll need to open a telnet session to your server (in Windows 9x you can go Start -> Run then type telnet your_host.com).
Once logged in, you'll need to create a directory (syntax: mkdir directory_name) which you would like to protect from non-authorized users (that is, a directory accessible by members only).
You'll need to create an .htaccess file (syntax: vi .htaccess) and open it for writing (hit your "I" key) and print the following:
require user myfriend
Note Where it is written "/your/path/to/your/directory/" you'll need to insert the path of your htpasswd file. You can see which directory you're in by typing pwd at the prompt. You'll then need to hit your ESC key and type :x.
Now you should be back at the UNIX shell prompt and you'll need to type /usr/local/bin/htpasswd -c .htpasswd myfriend (assuming myfriend is the user you're wanting to create). If the above results in a response of "not found" type "whereis htpasswd" and use the output in place of the previous directory shown. It will ask you for a password once, and then again. Try loading the directory and you should be promted with a dialog box.
In this tutorial you have learnt how to protect directories using user authentication. These skills can be applied to many situations and add a little more security to your Web site. You have also been exposed to a few UNIX commands that are vital to programming such features on the World Wide Web. If you're looking to create other users using htpasswd, you just need to type /path/to/htpasswd username, replacing usernamewith the required login.
This article first appeared January 15, 1999.