Jump to content

Recommended Posts

I have a site which is far from finished, it doesn't have a user registration system yet and has plenty of security holes that need patching. I wanna upload it onto the web so friends can enter data into it, but of course I don't want random people having access to it, and don't want bots attempting to index it. Will adding a .htaccess file with a username/password rule to the root directory keep all bots and humans (which don't have a username/password) out?

 

Side question: if someone logs into the site with a username/password combo that I added to the passwd file (used by the .htaccess file), will I be able to track the user? For example, if someone goes and deletes half the database, will I be able to tell which user it was without having to look through the apache log files? Sorry thats a bad example, lets say I want to make a welcome screen saying "Welcome user3", can I do that with .htaccess system?

.htaccess-based authentication will work as well as any username/password combination - meaning you need strong passwords - but without you having to implement (and potentially expose bugs in) the system yourself. The downside is that it's not very user-friendly because all they get is a popup prompt in their browser.

 

Unless you changed the log format, the access logs will tell you who hit what URLs. To make your code aware of the username, look to $_SERVER["PHP_AUTH_USER"].

So I got this password protection thing set up by adding these lines:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
Require valid-user

to a .htaccess file in my sites root directory, and adding the username/hashed password combos to the .htpasswd file. I tested two of the usernames in the list and it works. I'm wondering now what the point of these group files are. Why would you add a group file? Does it have an advantage over what I did?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.