HTTP Authentication
(and other server-based password protection)

While the GateKeeper is a nifty piece of Javascript that rather effectively password protects pages, there is a more "by the book" method... HTTP authentication. This is entirely server based and under many (if not most) circumstances, you can use it.

Here is an example of a .htaccess protected directory...

My Secret Page!
(username is ronny and password is reagan)

HTTP Authentication has been around for years as a basic and standard method of protecting directories and files on a server. In its simplest form, it involves editing a couple text files on the server and using a small password encryption utility on the server. While this can usually be done manually if necessary, it is generally preferrable to go about it in a more user-friendly manner... especially if there are numerous users & passwords or if they change a lot.

Your first step should be to look through your web host's documentation or help pages. (Web host being whoever is hosting your web pages on the Internet). Nowadays, many web hosts have a web-based control panel where you can more easily perform many server related tasks... such as password protecting directories. If you own your own domain name and your web host utilizes cPanel (a popular web-based hosting control panel), then almost certainly you can go this route...

cPanel, partial screen shot:
cPanel, partial screenshot

Other web hosts may offer something similar... or, they may offer nothing of the sort.

Now, keep in mind that just because your web host may offer a convienence such as this, that doesn't necessarily mean it's the ONLY way to go about password protecting your directories.

There are an awful lot of scripts available that make use of basic HTTP authentication... and if you own your own domain name, it's very likely you will be able to use them. They range from the fairly simple, to full blown username/password management systems. Some are free, and some cost money. Some are fairly easy to set up, some require a certain amount of expertise. It would be a good idea to look around and see what's available to you and what may fit your particular needs. Here are a couple good places to look...

CGI Resource Index: Password_Protection (Perl scripts)
PHP Resource Index: Password_Protection (PHP scripts)

I should mention that you normally don't need to be a Perl or PHP expert to set this sort of thing up. Most offerings come with pretty good instructions, most can be set up fairly easily, and some even come with installation included in the price. That said, the closer you are to "newbie" status, the harder it's going to be to set this up yourself. The good news is, if you ARE a newbie... you CAN do it... you may have to struggle a little... but I promise you'll learn a WHOLE lot along the way.

Earlier I mentioned setting up HTTP Authentication by hand. If you're interested in going this route, I have a few links for you...

Apache Week: Using User Authentication
Mosaic User Authentication Tutorial
Google search of HTTP authentication

Also, because I thought it might help, I set up a protected directory and documented it step by step complete with screen captures...

HTTP Authentication example & run through

And lastly... you'll hear computer people talk about how simple this stuff is. It is simple... after you've done it a few times. That's the part they forget about. So, if at first you struggle, and fumble, and curse the day you ever bought your computer -- you're normal. After a few times though, you too will be able to boast... "HTTP authorization is a very simple matter to set up".

GateKeeper - Javascript Password Protection
GateKeeper 1  ·  GateKeeper 2  ·  GateKeeper 3  ·  HTTP Authentication  ·  The Vault
HTML 4.0 Reference      Barebones HTML Guide