Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Simple password only protection

Status
Not open for further replies.
RenoWV

RenoWV

Technical User
Mar 16, 2002
156
0
0
US

We have a directory that needs minimal password protection . I realize that htaccess is the very best security, however I don't even want people to have to remember a username -- a single common password for everyone would be fine.

I searched through many tutorials this afternoon looking for a simple "pass_word_only.pl" type of script that would allow me to accomplish this, but had no luck, thus my posting here.

I was hoping I could find something that would allow me to define the common password in the code, upload to the specified folder, chmod to 755, then add "require pass_word_only.pl" to the top of any scripts I wanted to protect within the directory.

The idea here is when the script was called that had the "require passwordonly.pl" line, a password box would launch, and the user would not be able to proceed until they either put in the correct pw or closed the box.

Is something like that even possible? (I'm the first to admit my lack of understanding ;-} ). If so and if anyone is aware of where this kind of code can be found, I'd be grateful. Thanks....

---------------------------
 
Sort by date Sort by votes
Using htaccess files is often not the best way to do it.
It is often stressed that only use htaccess files if you dont have admin access to httpd.conf.
You can add an entry similar to this to your httpd.conf file and specify a generic username.
Code: 
<Directory "C:\Apache2\WebRoot\htdocs\SecureSpace">
	AuthType Basic
	AuthName "User secure directory"
	AuthUserFile "C:\Program Files\Apache Group\Apache\passwd\passwd"
	require user TestGroup
</Directory>

Run htpassword, specify your group username, and enter a password.
Sure, people still need a username, but you could set it to something simple like 'staff' or 'Xylophone'.

A much simpler and sturdy solution.
 
Upvote 0 Downvote

Thank you majorbiff for your detailed response, and for explaining that htaccess is not in fact the first choice in security (which I did not realize). Whether or not our server allows us to access our httpd.conf file is something that I candidly do not know, but I will certainly take your advice and will try to find out...

-----------------------------------
 
Upvote 0 Downvote
Interesting reading here:

Quote:
In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tester_V
  • Locked
  • Question
Need to print only the first line that has a match ...
Replies
2
Views
159
Tester_V
Tester_V
Pudsters
  • Locked
  • Question
Online order form to only print items ordered 1
Replies
4
Views
115
Pudsters
Pudsters
whn
  • Locked
  • Question
A very simple script does not work 1
Replies
4
Views
103
whn
whn
whn
  • Locked
  • Question
A simple code runs at cmdline, but not in cron job
Replies
2
Views
100
whn
whn
eggbaconsandwich
  • Locked
  • Question
simple regex issue
Replies
2
Views
87
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top