Personal Homepages FAQ
Q: Do I get personal web space? How do I set up my home page?
A: Yes, but personal web space is being set up only by request so you'll have to ask for it. Please send your request to firstname.lastname@example.org. When this is done, you'll find your home page folder under:
Your link will be http://www.sci.utah.edu/~yourusername
When you create your page, name it index.html. That will guarantee that it will be seen as your main home page by the server. Other pages can be named whatever you want, but must have the .html or .htm extension.
Q: Can I password protect parts of my personal website?
A: Yes. We use an Apache web server that has a built in system for web security. To set up a password protected area on your site, you need to create two text files; a .htaccess and a .htpasswd and place the .htaccess file in the folder you wish to protect. The .htpasswd file can live anywhere as long as you have the correct path in your .htaccess file. You should use a simple text editor to create these files. When a user tries to access a page within that folder, the server reads the .htaccess file and follows the commands within. In this case, it will promt the user for a login and then compare their username and password to what is contained in the .htpasswd file. The .htaccess file must contain specific directives about securing the folder it's in and the path to where the .htpasswd file can be found. Make sure these files are world readable so the server can read them.
The .htpasswd file is just a list of usernames and encrypted passwords separated by a colon. When the user is prompted for a login and enters their username and password, the server automatically encrypts their password before comparing it to what is in the .htpasswd file. To create a .htpasswd file, therefore, you must find out what the password will look like after it has been encrypted and put that in the file. Luckily, there are online tools available to help you encrypt passwords. Here is a nice password encryption tool.
It's important to note that this type of web security is not highly secure. When a user logs in, their password it transferred over the internet unencrypted and could be picked up by a hacker fairly easily if they tried. It will effectively keep out the casual browsers, but I would not rely on it to secure highly sensitive information. Most importantly, NEVER USE THE SAME PASSWORD FOR SECURED WEB SITES AS YOU DO FOR INTERNAL NETWORKS OR YOUR OWN COMPUTER. If you do, a hacker who picks up your password from the reletively insecure internet, could then gain access to the ordinarily much more secure network or your computer.
Below are examples you can use to set up your password protected folders. To learn more about password protection and other things .htaccess files can be used for, see this Apache User Authentication Tutorial.
Example .htaccess file
Deny from all
AuthName "My Secure Site"
Example .htpasswd file