Password protecting a page

While we encourage the use of the web as a public medium, there may be the occasional need to create a private space for a group of users.

Before password protecting a website, please consider two alternatives which may meet your needs:

Sensitive information -- UNet / CoSign authentication

Any site that contains potentially sensitive or private information (e.g. student or employee records, non-public financial data) must use UNet / CoSign or another LTS-sanctioned form of authentication. If you are collecting private information there are additional steps that need to be taken to secure the transmission of the data.

To set up a such a site, please contact the Web and Middleware Development group of LTS.

Non-Sensitive information -- Simple protection

When the data isn't sensitive (e.g. a members only newsletter) you can setup a shared username/password. This is not secure, but does prevent your page(s) from being completely public. To set this up use the following guide:

Setting Up Shared Login

You must create a new subdirectory to hold your private files. For example, if you own /departments/webservices/, you could make a restricted directory /departments/webservices/secretfiles/. Pages within that directory, such as /departments/webservices/secretfiles/topsecrettext.html, would be protected from casual observers.

What area of your web site would you like to protect? (change the text to reflect your subdirectory)

http://www.brandeis.edu

Should these web pages be accessible to anyone who knows the password, or should they be restricted to browsers on the local Brandeis network? Please note that this provides only very crude access control, as the general public may be able to wander into certain public labs. Restricting access by IP address may also be an inconvenience to Brandeis community members with Internet access at home (forcing them to go through the VPN). Still, there are some applications for which restricting access by IP address is appropriate.

Yes, allow connection attempts from anywhere
No, only allow connections from the Brandeis network

Do you want to password-protect your web pages? Note that neither this form nor your putative password-protected web pages will be encrypted, so you should not count on this for truly confidential material.

Yes, require a password for access
No, only restrict by IP address (above)

If you want to set a password or passwords for this area, enter them here. One user per line, space separates from password. For our example secretfiles directory, either username minnie with password bow or username mickey with password belt will let you in. Because these passwords are not encrypted across the network, you should not use a password of value elsewhere.

Finally, if you are requiring a password, we need a password prompt for when people go to log in. This will pop up in the browser like "Password for SuperSecret Files at www.brandeis.edu." The practical limit for most browsers is about 20 characters. Keep it short.

This page was last modified on: Feb 28, 2008