Can I make this secure?
March 23, 2008 7:54 PM   Subscribe

Is there an easy way for a non we-savvy person to create a password-protected url on which to demo a website before taking it "live?"

I have had an outside contractor develop a website for a client, and I want to be able to demo the site securely before taking it live. If I buy a domain and pay for hosting, is there an easy way that I make it require a password to view any web pages that are hosted there?
posted by Ignatius J. Reilly to Technology (9 answers total) 3 users marked this as a favorite
 
Best answer: Many, if not most, web hosts allow the ability to password-protect a directory. The web hosting control panel should have a tool for this.
posted by Fuzzy Skinner at 8:00 PM on March 23, 2008


Best answer: An easier method without the use of username/password is to first protect the main domain with an INDEX so that subdirectories can't be viewed. Then you can create a subdirectory with a long, unguessable name that only people who know the URL can view.

Example:

http://www.yourdomain.com/testsitefor2008blah

In www.yourdomain.com, you would place a blank INDEX file such as index.html:

<html><head><title>This is a blank index.</title>
</head><body></body><html>


How this works: All browsers look for a default index file (e.g. index.php or index.html or index.htm, etc.). If you create a blank HTML file with an index name, the user can surf to yourdomain.com but only sees a blank page. Without links going anywhere, and without knowing the exact name of your custom subdirectory, no one can possibly find it (so long as you really don't link it anywhere, such as posting to a forum).

Just remember to delete the custom subdirectory when the site goes live, along with the blank INDEX page.
posted by Ky at 8:09 PM on March 23, 2008


Best answer: I should note that if you wanted everything absolutely ready for quick publishing, then using the web host's online services for password protection certainly is the best way since you need only remove the password with the online tool. Be sure that the host you pick has the service, though, otherwise you may need to edit .htaccess files (on Apache servers).

The blank-index trick is useful for testing specific pages if you're not worried about the time it takes to reupload an entire site to the main domain.
posted by Ky at 8:16 PM on March 23, 2008


Just to clarify a minor thing from Ky that may sound nitpicky, but matters...

It's not browsers that look for a default index file. It's the webserver that looks for that.

The reason this is relevant is that you can't just go through the list of possible index files (index.htm, index.html, index.php, index.asp) and expect that a browser will look for all of them and find whichever one you create. You'll need to know from your webhost what default index filenames are set up there to take advantage of this.
posted by twiggy at 11:03 PM on March 23, 2008


You might put the long URL into a subdirectory, & put the subdirectory into robots.txt as not-to-be-spidered. Instead of re-uploading, too, just move it if you have shell access.
posted by Pronoiac at 1:52 AM on March 24, 2008


You might put the long URL into a subdirectory, & put the subdirectory into robots.txt as not-to-be-spidered.

It's my understanding (correct me if I'm wrong) that people sometimes look in the robots.txt specifically to find things that are hidden like that. As noted above, if you name the directory something unguessable, then it won't be spidered either. In theory. Password protecting is the safest bet.
posted by inigo2 at 6:22 AM on March 24, 2008


Yes, if it shows up in robots.txt, it's sorta public, so put the random one another directory deeper within that don't-spider directory, if that's more clear.
posted by Pronoiac at 10:18 AM on March 24, 2008


The above, rephrased for those who are non-webby, such as Ted Stevens:

The Internet is a series of tubes. If you set up a page (one tube) with nothing else linking to it (other tubes), then there's no way for users to flow to your non-connected page. Unless someone accidentally finds your tube and makes connections for you.

So if you don't want your tubes connected to other tubes, hide them well. And don't let any cats in them.
posted by SlyBevel at 10:18 AM on March 24, 2008


Twiggy is absolutely right there. Sorry for the misinformation. :)
posted by Ky at 11:25 AM on March 24, 2008


« Older High-quality bulk tea: where, oh where, can I find...   |   Photography filter: Next step up from "digital... Newer »
This thread is closed to new comments.