Password protecting parts of a website

[HenryCan]

I would like to password-protect a few parts of my website so that only members of my book discussion club can access those pages. The vast majority of the site will stay open to visitors who don't belong to the club.

 

I should mention that I am using two different hosting services, one for the main copy of the website and one for the backup site. (The backup site is where I make changes and see how the club members like them before copying the changes to the main site.) The two hosting services offer somewhat different services so may operate different web servers (or maybe just different levels of Apache for all I know). The main site doesn't even offer databases with their free accounts. (Hmm, maybe i need to move the main site to one that has more facilities....).

 

I've been googling for info about password-protection and have seen a variety of techniques suggested. I haven't tried any of them so I have no idea which ones work best. I'd rather not have to try several of them before finding the right one. I'm hoping people here can make a case for one or two approaches so that I can decide, then point me to tutorials on how to write the code for that solution.

 

The information that we'd protect is not terribly sensitive, the way credit card information would be. I'm mostly just trying to keep personal information like lastnames, phone numbers, and email addresses out of view of non-members. I'd also like to ensure that certain actions - like accessing forms for proposing future meeting topics - are done only be members of the club.

 

The other factor I should mention is that we have no money to spend on this. I'm willing to invest some time but we have no budget for buying something off the rack.

[Christian F.]

I recommend starting with this post.

Preferably the entire thread, as there's a lot of useful information on how to properly secure your entire site there. Any chain is only as strong as the weakest link, after all.

 

Anyway, reason why protecting passwords is so important, is because people tend to use the same username/email and password combination on all/most of the sites they frequent, including the mail account. The latter usually also contains login information to other sites, and other private, personal and/or sensitive information.

So even if your system only protect your discussions about the global weather on mars, the passwords can give attackers complete access to all of their personal details via other sites.

Edited February 10, 2013 by Christian F.