Tags:






Advertise here: Contact FM.


Can I make this secure?
March 23, 2008 7:54 PM   RSS feed for this thread Subscribe

Is there an easy way for a non we-savvy person to create a password-protected url on which to demo a website before taking it "live?"

I have had an outside contractor develop a website for a client, and I want to be able to demo the site securely before taking it live. If I buy a domain and pay for hosting, is there an easy way that I make it require a password to view any web pages that are hosted there?
posted by Ignatius J. Reilly to technology (9 comments total) 3 users marked this as a favorite
Many, if not most, web hosts allow the ability to password-protect a directory. The web hosting control panel should have a tool for this.
posted by Fuzzy Skinner at 8:00 PM on March 23


An easier method without the use of username/password is to first protect the main domain with an INDEX so that subdirectories can't be viewed. Then you can create a subdirectory with a long, unguessable name that only people who know the URL can view.

Example:

http://www.yourdomain.com/testsitefor2008blah

In www.yourdomain.com, you would place a blank INDEX file such as index.html:

<html><head><title>This is a blank index.</title>
</head><body></body><html>


How this works: All browsers look for a default index file (e.g. index.php or index.html or index.htm, etc.). If you create a blank HTML file with an index name, the user can surf to yourdomain.com but only sees a blank page. Without links going anywhere, and without knowing the exact name of your custom subdirectory, no one can possibly find it (so long as you really don't link it anywhere, such as posting to a forum).

Just remember to delete the custom subdirectory when the site goes live, along with the blank INDEX page.
posted by Ky at 8:09 PM on March 23


I should note that if you wanted everything absolutely ready for quick publishing, then using the web host's online services for password protection certainly is the best way since you need only remove the password with the online tool. Be sure that the host you pick has the service, though, otherwise you may need to edit .htaccess files (on Apache servers).

The blank-index trick is useful for testing specific pages if you're not worried about the time it takes to reupload an entire site to the main domain.
posted by Ky at 8:16 PM on March 23


Just to clarify a minor thing from Ky that may sound nitpicky, but matters...

It's not browsers that look for a default index file. It's the webserver that looks for that.

The reason this is relevant is that you can't just go through the list of possible index files (index.htm, index.html, index.php, index.asp) and expect that a browser will look for all of them and find whichever one you create. You'll need to know from your webhost what default index filenames are set up there to take advantage of this.
posted by twiggy at 11:03 PM on March 23


You might put the long URL into a subdirectory, & put the subdirectory into robots.txt as not-to-be-spidered. Instead of re-uploading, too, just move it if you have shell access.
posted by Pronoiac at 1:52 AM on March 24


You might put the long URL into a subdirectory, & put the subdirectory into robots.txt as not-to-be-spidered.

It's my understanding (correct me if I'm wrong) that people sometimes look in the robots.txt specifically to find things that are hidden like that. As noted above, if you name the directory something unguessable, then it won't be spidered either. In theory. Password protecting is the safest bet.
posted by inigo2 at 6:22 AM on March 24


Yes, if it shows up in robots.txt, it's sorta public, so put the random one another directory deeper within that don't-spider directory, if that's more clear.
posted by Pronoiac at 10:18 AM on March 24


The above, rephrased for those who are non-webby, such as Ted Stevens:

The Internet is a series of tubes. If you set up a page (one tube) with nothing else linking to it (other tubes), then there's no way for users to flow to your non-connected page. Unless someone accidentally finds your tube and makes connections for you.

So if you don't want your tubes connected to other tubes, hide them well. And don't let any cats in them.
posted by SlyBevel at 10:18 AM on March 24


Twiggy is absolutely right there. Sorry for the misinformation. :)
posted by Ky at 11:25 AM on March 24


« Older I have a newfound love of tea,...   |   Photography filter: Next step ... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
Anyone know of a small device with an LCD for... August 29, 2008
How do I password protect a CD for both mac and pc? October 23, 2007
HP PAvillion ISSUES***LOCKED OUT June 17, 2007
You mean password isn't a secure password? February 1, 2007
Why are the numbers 2, 3 and 4 worn out on a local... September 18, 2006