Post by leunas on Dec 10, 2006 4:49:18 GMT -5
How to Create Password Protected Directory for Confidential Material
One important thing to do is to create password protected directories for confidential material that’s not available to public, but needs to be shared among team members. In this post I’ll go through how to create .htaccess files to protect your game files. I’m not going to go very deep on usage of .htaccess files in general, but I will tell you the basics you need to know to be able to keep unwanted people from your secret material. There’s also a small script that helps creating crypted password for .htaccess files. To be able to use this information, your web hosting provider must allow usage of .htaccess files for password protection.
Introduction
Basically the system is done like this. First you create a folder in your web server you want to protect (using for example some FTP program like SmartFTP. After you’ve created the folder you will need to put “password file” in your server, and then a .htaccess file to the directory you want to protect.
Step 1 - Create a password file
First you need to create a password file. Password file has no extension (like .txt or .exe), it’s simply a file that you can name like “mypassword”. There’s only one line in our password file. The idea of the password file is to store all usernames and passwords that are allowed to use your protected folder.
I made a small script to help you create crypted password: use this script to create line for your password file.
For example, try using the script above and put “testuser” and “testpass” to the username and password boxes. Then click “crypt password”. You should see a line like “testuser:$1$hKoP5FiQ$AMWwZ./TJusJX4oCCT9zs.” or something. Copy & paste that line to your “mypassword” file.
Step 2 - Put the password file in your server home directory
When you take FTP connection to your web server, you should see file structure like:
ftp.yourdomain.com:
public_html/
email/
www/
.bash
.mail
Put your “mypassword” file with these files. After you’ve done this, your home directory should look something like:
ftp.yourdomain.com:
public_html/
email/
www/
.bash
.mail
mypassword
Now you’ve uploaded the file and can proceed to the next step.
Step 3 - Create .htaccess file
The next step is to create a .htaccess file. Just open your editor and create a file named “.htaccess” (if your computer doesn’t allow you creating .htaccess file, then just create a file called “htaccess” without the dot in the beginning).
The contents of the file should be something like this:
AuthType Basic
AuthName “Protected folder”
AuthUserFile /home/someuser/mypassword
Require valid-user
Replace “someuser” to match your web hosting account name. Like for example, if you have own gamescompany.com then your web service provider might have created you web hosting account with username “gamescom”. Then your AuthUserFile line could look like this: “AuthUserFile /home/gamescom/mypassword”
Depending on your web host, the file content might be bit different. Google or check out wikipedia if you run into some problems. But for now, just create the file.
Step 4 - Create password protected folder and move .htaccess file there
Now you are ready to create a folder to your web server. Create a folder named “protected” and upload the .htaccess file into that folder. If you had to create htaccess file (without a dot in the beginning, then rename your “htaccess” file to “.htaccess” after you have uploaded it to the server).
Step 5 - All done
Now you can try testing your password protected folder. Simply go to www.yourwebsite.com/protected/ and it should ask for an username and password. Type “testuser” and “testpass” (the username and password you crypted in step 1) and you should be able to login. If the system asks password several times, type them several times (it’s bit picky whether you use “protected” or “protected/” in the URL) and you should be able to get in.
In case you encounter problems, check the following:
Finished
When you get things working, you can upload stuff in protected folders and share documents with other team members - safely.
www.gameproducer.net/2006/12/09/how-to-create-password-protected-directory-for-confidential-material/
One important thing to do is to create password protected directories for confidential material that’s not available to public, but needs to be shared among team members. In this post I’ll go through how to create .htaccess files to protect your game files. I’m not going to go very deep on usage of .htaccess files in general, but I will tell you the basics you need to know to be able to keep unwanted people from your secret material. There’s also a small script that helps creating crypted password for .htaccess files. To be able to use this information, your web hosting provider must allow usage of .htaccess files for password protection.
Introduction
Basically the system is done like this. First you create a folder in your web server you want to protect (using for example some FTP program like SmartFTP. After you’ve created the folder you will need to put “password file” in your server, and then a .htaccess file to the directory you want to protect.
Step 1 - Create a password file
First you need to create a password file. Password file has no extension (like .txt or .exe), it’s simply a file that you can name like “mypassword”. There’s only one line in our password file. The idea of the password file is to store all usernames and passwords that are allowed to use your protected folder.
I made a small script to help you create crypted password: use this script to create line for your password file.
For example, try using the script above and put “testuser” and “testpass” to the username and password boxes. Then click “crypt password”. You should see a line like “testuser:$1$hKoP5FiQ$AMWwZ./TJusJX4oCCT9zs.” or something. Copy & paste that line to your “mypassword” file.
Step 2 - Put the password file in your server home directory
When you take FTP connection to your web server, you should see file structure like:
ftp.yourdomain.com:
public_html/
email/
www/
.bash
Put your “mypassword” file with these files. After you’ve done this, your home directory should look something like:
ftp.yourdomain.com:
public_html/
email/
www/
.bash
mypassword
Now you’ve uploaded the file and can proceed to the next step.
Step 3 - Create .htaccess file
The next step is to create a .htaccess file. Just open your editor and create a file named “.htaccess” (if your computer doesn’t allow you creating .htaccess file, then just create a file called “htaccess” without the dot in the beginning).
The contents of the file should be something like this:
AuthType Basic
AuthName “Protected folder”
AuthUserFile /home/someuser/mypassword
Require valid-user
Replace “someuser” to match your web hosting account name. Like for example, if you have own gamescompany.com then your web service provider might have created you web hosting account with username “gamescom”. Then your AuthUserFile line could look like this: “AuthUserFile /home/gamescom/mypassword”
Depending on your web host, the file content might be bit different. Google or check out wikipedia if you run into some problems. But for now, just create the file.
Step 4 - Create password protected folder and move .htaccess file there
Now you are ready to create a folder to your web server. Create a folder named “protected” and upload the .htaccess file into that folder. If you had to create htaccess file (without a dot in the beginning, then rename your “htaccess” file to “.htaccess” after you have uploaded it to the server).
Step 5 - All done
Now you can try testing your password protected folder. Simply go to www.yourwebsite.com/protected/ and it should ask for an username and password. Type “testuser” and “testpass” (the username and password you crypted in step 1) and you should be able to login. If the system asks password several times, type them several times (it’s bit picky whether you use “protected” or “protected/” in the URL) and you should be able to get in.
In case you encounter problems, check the following:
- Make sure you typed your username and password correctly
- Make sure you generated valid username and password (feel free to try crypting again if things don’t seem to work in the first time)
- Make sure your .htaccess file is valid (consult your web hosting service provider in order to learn the valid format for it)
Finished
When you get things working, you can upload stuff in protected folders and share documents with other team members - safely.
www.gameproducer.net/2006/12/09/how-to-create-password-protected-directory-for-confidential-material/