Trackpads Community - View Single Post

12-24-2004, 19:00

I can turn on shell access in my control panel. I assume that I create this
..htaccess file with Notepad and save as .htaccess. I'll have several .html
files to enter in the <files></files>. Is this possible? I need an example
for 3 files (whole_sale_dist.html, howtosell.html, and download.html).

> <files secretfile.html>
> AuthUserFile /home/davis/passwd
> AuthGroupFile /dev/null
> AuthName EnterYourPassword
> AuthType Basic
> require valid-user
> </files>
REPLY: Other than Davis, I have 5 more wholesalers. Do I have to create the
above file for each wholesaler or simply enter the line AuthUserFile
/home/name/passwd between <files></file> for each of the 5 wholesalers?

> You create a password file at /home/david/passwd
> If you have shell access, type
> htpasswd -bc /home/davis/passwd user19 anthrax

REPLY: Where in the .htaccess file is this syntax used? Do I have to create
this password file for each of the 5 accounts? Using your example it would
seem that

htpasswd -bc /secretfile.html/davis/passwd user19 anthrax would be the
proper syntax. Why use */home* instead of *secretfile.html* if we are
protecting *secretfile.html*?

> To add a second user to the password file, you use
> htpasswd -b /home/davis/passwd user20 pneumonia
> (Using the -c flag would overwrite the original file. Oops!)

REPLY: Three users are insufficient. How do I avoid overwriting the original
file? Can you recommend a good tutorial?

This method appears to be time consuming and would require devoting a lot of
time to password management, but I'm willing to test it.

It would help to see exactly how this .htaccess file looks when properly
formatted (assuming I have shell access). I think I can turn shell on.

Thanks,

Davis G Howard
=====================================
"Paul Ding" <lancastir@webtv.net> wrote in message
news:qifms05vd54e377jm42tbc634m12dr7abj@4ax.com...
> On Thu, 23 Dec 2004 12

21 GMT, "Davis" <nospam@worldnet.att.net>
> posted something that included:
>
> >Hi,
> >
> >Can you recommend a good software program that I can use to password
protect
> >select pages on my web site. I am about to add a wholesale distribution
> >section that I do not want regular customers to access.
> >
> >The software must allow me to manage my wholesalers login password.
> >
> >Davis
> >http://www.segiftware.com
> >NotePad
>
> It's a lot more reliable to use htpasswd than anything else, very
> versatile, very easy - and you can either protect individual files, or
> you can protect entire directories.
>
> To protect an individual file called secretfile.html, you add this to
> the .htaccess file for that directory. (If you are protecting the
> entire directory, eliminate the <files> and </files> lines)
>
> <files secretfile.html>
> AuthUserFile /home/davis/passwd
> AuthGroupFile /dev/null
> AuthName EnterYourPassword
> AuthType Basic
> require valid-user
> </files>
>
> You create a password file at /home/david/passwd
>
> If you have shell access, type
> htpasswd -bc /home/davis/passwd user19 anthrax
> to create a new password file with user19 as a user whose password is
> anthrax. To add a second user to the password file, you use
> htpasswd -b /home/davis/passwd user20 pneumonia
> (Using the -c flag would overwrite the original file. Oops!)
>
> If you don't have shell access, you need to edit that file by hand.
> Each line starts out with the username followed by a colon and the
> encrypted password. There's a utility at
> http://paulding.net/bin/crypt.cgi that will generate the encrypted
> passwords for you. If you enter pneumonia as the password, you get
> back something like "pneumonia:pNV0ZhfRnQwJw" You don't need the
> password in both plaintext and encrypted form in the passwd file,
> though. Change that to user20:pNV0ZhfRnQwJw and add that line to the
> end of the password file.
>
> To remove someone's access, simply delete their line in the password
> file.
>
> This is *really* basic authentication; if you'd like to explore some
> of the more advanced things you can do, check out these two pages.
> http://httpd.apache.org/docs-2.1/howto/auth.html
> http://httpd.apache.org/docs/programs/htpasswd.html
>
>
>
> --
> If we're losing 40-130 species a day,
> How come nobody can itemize them?
> And why can't fruitflies be one of them?

12-24-2004, 19:00	#4 (permalink)
Davis Civilians	Re: Password Protect Wholesaler Web Pages I can turn on shell access in my control panel. I assume that I create this ..htaccess file with Notepad and save as .htaccess. I'll have several .html files to enter in the <files></files>. Is this possible? I need an example for 3 files (whole_sale_dist.html, howtosell.html, and download.html). > <files secretfile.html> > AuthUserFile /home/davis/passwd > AuthGroupFile /dev/null > AuthName EnterYourPassword > AuthType Basic > require valid-user > </files> REPLY: Other than Davis, I have 5 more wholesalers. Do I have to create the above file for each wholesaler or simply enter the line AuthUserFile /home/name/passwd between <files></file> for each of the 5 wholesalers? > You create a password file at /home/david/passwd > If you have shell access, type > htpasswd -bc /home/davis/passwd user19 anthrax REPLY: Where in the .htaccess file is this syntax used? Do I have to create this password file for each of the 5 accounts? Using your example it would seem that htpasswd -bc /secretfile.html/davis/passwd user19 anthrax would be the proper syntax. Why use /home instead of secretfile.html if we are protecting secretfile.html? > To add a second user to the password file, you use > htpasswd -b /home/davis/passwd user20 pneumonia > (Using the -c flag would overwrite the original file. Oops!) REPLY: Three users are insufficient. How do I avoid overwriting the original file? Can you recommend a good tutorial? This method appears to be time consuming and would require devoting a lot of time to password management, but I'm willing to test it. It would help to see exactly how this .htaccess file looks when properly formatted (assuming I have shell access). I think I can turn shell on. Thanks, Davis G Howard ===================================== "Paul Ding" <lancastir@webtv.net> wrote in message news:qifms05vd54e377jm42tbc634m12dr7abj@4ax.com... > On Thu, 23 Dec 2004 1221 GMT, "Davis" <nospam@worldnet.att.net> > posted something that included: > > >Hi, > > > >Can you recommend a good software program that I can use to password protect > >select pages on my web site. I am about to add a wholesale distribution > >section that I do not want regular customers to access. > > > >The software must allow me to manage my wholesalers login password. > > > >Davis > >http://www.segiftware.com > >NotePad > > It's a lot more reliable to use htpasswd than anything else, very > versatile, very easy - and you can either protect individual files, or > you can protect entire directories. > > To protect an individual file called secretfile.html, you add this to > the .htaccess file for that directory. (If you are protecting the > entire directory, eliminate the <files> and </files> lines) > > <files secretfile.html> > AuthUserFile /home/davis/passwd > AuthGroupFile /dev/null > AuthName EnterYourPassword > AuthType Basic > require valid-user > </files> > > You create a password file at /home/david/passwd > > If you have shell access, type > htpasswd -bc /home/davis/passwd user19 anthrax > to create a new password file with user19 as a user whose password is > anthrax. To add a second user to the password file, you use > htpasswd -b /home/davis/passwd user20 pneumonia > (Using the -c flag would overwrite the original file. Oops!) > > If you don't have shell access, you need to edit that file by hand. > Each line starts out with the username followed by a colon and the > encrypted password. There's a utility at > http://paulding.net/bin/crypt.cgi that will generate the encrypted > passwords for you. If you enter pneumonia as the password, you get > back something like "pneumonia:pNV0ZhfRnQwJw" You don't need the > password in both plaintext and encrypted form in the passwd file, > though. Change that to user20:pNV0ZhfRnQwJw and add that line to the > end of the password file. > > To remove someone's access, simply delete their line in the password > file. > > This is really basic authentication; if you'd like to explore some > of the more advanced things you can do, check out these two pages. > http://httpd.apache.org/docs-2.1/howto/auth.html > http://httpd.apache.org/docs/programs/htpasswd.html > > > > -- > If we're losing 40-130 species a day, > How come nobody can itemize them? > And why can't fruitflies be one of them?