I tried Googling this, but this is just one of those questions that no matter how you phrase it, you’ll never find the answer you’re looking for.
I’ve got a small web site on a shared Apache server. I’m a photographer and each time I shoot a model I make a folder for her. An IT friend recommended to look into .htaccess for password protection. That let me to the File Manager in cPanel where I discovered the Password Protect context menu item where I can create usernames and passwords. I’ve noticed it uses the .htpasswds directory structure to password protect folders by placing a passwd file in the equivalent folder. The passwd file’s structure is simple, username:password, (password being encrypted of course).
I’m sure you’re all familiar with this system of password protecting directories. I’m new to it.
Okay, it order to QA test my security I want to expire password access on demand from the client. I want to effectively logout so as to visit the folder and be prompted for username and password again and again as many times until I’m satisfied that it’s secure.
Any assistance with my issue would be greatly appreciated.
the system you mention only allows you to set a password that must be entered to be able to access the directory. That system is applying the password to the directory and not to individual web pages and has no expiry mechanism.
A login/logout system works with web pages rather than directories and needs to be coded into the pages themselves.
Yeah, I’m getting that impression. This is just a temporary thing until I build a WordPress photo gallery.
I installed the WebDeveloper plugin into FireFox to allow me to QA test password security. It has a feature that allows me to Clear HTTP Authentication which is perfect for testing.
Just a side note. Using Apache or anything to protect images or assets will only get you so far. There is no legit way to protect anything on the internet. If it has a URL, it’s reachable. While Apache can protect a directory, it cannot protect an image. People are still going to be able to access and look at said images and or assets. You just need to know the URL of the image and you can basically view that image even if the directory is password protected by Apache.
Yeah, I know. I have one page that has a link to another subfolder with the slideshow and can access it w/o being prompted for a password. So, I could password protect each of the five subfolders which would add an additional password prompt. I’m assuming since password authentication doesn’t propagate recursively to subfolders.