Software Distributor
Free Copy Protection
Software Downloads
How To Setup HTACCESS
Software Distributor
Copy Protection
Menu
Info
Company
Resources
How To Setup .HTACCESS

This page explains how to setup passwords using the .htaccess file. You can also interface your password files with your e-commerce provider. If your website is running under Windows IIS then you will require some expensive software (e.g. Flicks Software). If you are running on a Unix flavoured operating system then you can do it for free. Your e-commerce provider will automatically generate a new username and password and place it into your password file. Check with your e-commerce provider to determine if they provide this service.

Password Encryption - MD5 Overview:
All passwords in the password file are in MD5 hash format. You must use a password generator tool to create a password for the password file. The MD5 just takes the password that you enter and creates a hash key based upon an algorithm. You cannot reverse the hash key to obtain the original password. The purpose of MD5 is to allow various systems to check whether the password is valid without knowing the actual password. Every time you change passwords, you will have a new MD5 hash key. You must enter that key in the password file.

See PHP Authentication Schemes

See the following for password generator tools and documentation:

Zapper Software MD5 Password Generator

U-Net Password Generator

JavaScriptKit

HTACCESS Generator

Basic Overview:
    Steps:
  1. Create a Password file (you must correctly encrypt the password)

    The format is USERNAME:ENCRYPTED_PASSWORD
    e.g.
    george:y4E7Ep8e7EYV
    Call the file .htpasswd

  2. Upload the password file (.htpasswd) to a directory that is not accessible to web surfers. This is the AuthUserFile - change yourwebsite/safedirectory to the correct naming conventions and directory according to your ISP.
  3. Create a new directory to protect e.g. baseball
  4. Create HTACCESS file with the following (changes required):
    AuthUserFile /usr/local/yourwebsite/safedirectory/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic
    require user george

  5. Upload HTACCESS file to the directory .htaccess file to be placed in the directory to protect
  6. Upload BKEY.BAT and BKEY.HTML to the directory
  7. Test the directory by trying to access BKEY.HTML - see note about mixed case.

    NOTE: Keep everything in lowercase. BKEY.BAT should be bkey.bat and BKEY.HTML should be bkey.html. This is because some Unix flavoured sites can be case sensitive (like mine). Remember to tell your customers that the URLs and KEYS are all case-sensitive. You can change your site to be lower case only to avoid potential problems. This can serve as additional security when allowing mixed case.

    NOTE: Your e-commerce provider should be able to provide automatic updating of the .htaccess and .htpasswd files.
Here is another actual example that was originally generated using Front Page:

Service Password: This file is called service.pwd and resides in:
/var/chroot/home/content/P/P/e/yourwebsite/html/_vti_pvt/service.pwd

# -FrontPage-
george:Zxfxr6fyQzqIw
mary:el1YlMAsIP5Fg
ibm:Gxhxs7fyLzqIx
microsoft:Hqrfv8gxMzqKn
redhat:xHRgk2gxMzqKa


Service Group:
This file is called service.grp and resides in:
/var/chroot/home/content/P/P/e/yourwebsite/html/_vti_pvt/service.grp

# -FrontPage-
administrators: george
authors: mary
customers: ibm microsoft redhat


.htaccess File:
This file is call .htaccess and resides in the directory that you wish to protect. All subdirectories will be protected.

# -FrontPage-
Options None
<Limit GET POST>
order deny,allow
deny from all
allow from all
require group authors administrators customers
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthType Basic
AuthName www.yourwebsite.com
AuthUserFile
/var/chroot/home/content/P/P/e/yourwebsite/html/_vti_pvt/service.pwd
AuthGroupFile
/var/chroot/home/content/P/P/e/yourwebsite/html/_vti_pvt/service.grp


You can integrate all of this with MySQL or another database.
Get The FREE Software:
Summary of Products and Services:

ShareGuard Copy Protection for Shareware Developers

Windows 32 software development & products

Free Software Distribution for Shareware Developers

Consulting - corporate or small/medium sized business

Software Development - Windows and IBM mainframe

Database Design & Administration

Web-site Development - dynamic/static

Free Software Downloads

Articles on Copy Protection

Products and Services for Windows and IBM

Software Distributor

Copyright © 1995-2004 Zapper Software 510862 B.C. Ltd. All rights reserved. Privacy Policy
1 1 1 1 1 1 1 1 1 1 1 1