CrimpJiggler Posted March 14, 2014
I have a site which is far from finished, it doesn't have a user registration system yet and has plenty of security holes that need patching. I wanna upload it onto the web so friends can enter data into it, but of course I don't want random people having access to it, and don't want bots attempting to index it. Will adding a .htaccess file with a username/password rule to the root directory keep all bots and humans (which don't have a username/password) out?
Side question: if someone logs into the site with a username/password combo that I added to the passwd file (used by the .htaccess file), will I be able to track the user? For example, if someone goes and deletes half the database, will I be able to tell which user it was without having to look through the apache log files? Sorry, that's a bad example, let's say I want to make a welcome screen saying "Welcome user3", can I do that with the .htaccess system?
requinix Posted March 14, 2014
.htaccess-based authentication will work as well as any username/password combination - meaning you need strong passwords - but without you having to implement (and potentially expose bugs in) the system yourself. The downside is that it's not very user-friendly because all they get is a popup prompt in their browser.
Unless you changed the log format, the access logs will tell you who hit what URLs. To make your code aware of the username, look to $_SERVER["PHP_AUTH_USER"].
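Added example, not part of the original posts: a short Python script that reads access-log lines and attributes requests to the Basic-auth username in the %u field, which is what "the access logs will tell you who hit what URLs" relies on. It assumes Apache's default Common Log Format; the sample lines, usernames, paths and the function name summarize are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache Common Log Format (%h %l %u %t "%r" %>s %b); combined-format lines
# carry extra trailing fields, which this pattern ignores.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, made-up users and paths).
SAMPLE_LOG = '''\
203.0.113.7 - - [18/Mar/2014:10:01:02 +0000] "GET / HTTP/1.1" 401 381
203.0.113.7 - user3 [18/Mar/2014:10:01:09 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - user3 [18/Mar/2014:10:02:30 +0000] "POST /records/delete.php HTTP/1.1" 302 -
198.51.100.4 - admin [18/Mar/2014:10:05:00 +0000] "GET /index.php HTTP/1.1" 401 381
198.51.100.4 - admin [18/Mar/2014:10:05:01 +0000] "GET /index.php HTTP/1.1" 401 381
192.0.2.55 - user1 [18/Mar/2014:10:07:44 +0000] "GET /records/list.php HTTP/1.1" 200 2048
'''

def summarize(log_text):
    """Return (writes, failures): writes maps each authenticated user to the
    (time, method, path) of non-GET requests that did not error; failures
    counts 401 responses per (host, supplied username)."""
    writes = defaultdict(list)
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        user, status = m["user"], int(m["status"])
        if status == 401:
            # "-" means no credentials were sent; a name here is only the
            # name that was tried, not a verified identity.
            failures[(m["host"], user)] += 1
        elif user != "-" and status < 400 and m["method"] not in ("GET", "HEAD"):
            writes[user].append((m["time"], m["method"], m["path"]))
    return dict(writes), dict(failures)

if __name__ == "__main__":
    writes, failures = summarize(SAMPLE_LOG)
    for user, events in writes.items():
        for when, method, path in events:
            print(f"{user}: {method} {path} at {when}")
    for (host, user), n in failures.items():
        print(f"401 x{n} from {host} as {user!r}")
```

The failures count also makes repeated 401s against one username visible, which ties in with the point about needing strong passwords.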
Ansego Posted March 15, 2014
You can also stop legit bots indexing your webpages through a robot.txt file. Reference: http://www.robotstxt.org/
CrimpJiggler Posted March 18, 2014 (Author)
So I got this password protection thing set up by adding these lines:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
Require valid-user
to a .htaccess file in my site's root directory, and adding the username/hashed password combos to the .htpasswd file. I tested two of the usernames in the list and it works. I'm wondering now what the point of these group files is. Why would you add a group file? Does it have an advantage over what I did?
requinix Posted March 18, 2014
What "group files" are you talking about? Require group X?