[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


.htaccess and .htpasswd Technical Question

Posted on 2007-10-11
Medium Priority
Last Modified: 2010-04-11
I want to password protect a folder within my hosting account using .htaccess and .htpasswd . This folder contains scripts and codes that my pages grab to implement on their particular pages. If I go about password protecting these sub folders, of which my main pages use for their scripts, will it affect the access these pages have to the subfolder containing the scripts? That is, will I have to place a username and password within each page to be able to go into the subfolders to grab the files it needs for the scripts? Or is the .htaccess and mere protection so that people cant access a folder from the browser? Thanks!
Question by:jcbodyworks
  • 2
  • 2
LVL 16

Expert Comment

ID: 20063349
It depends on what sort of scripts you mean.

If you include files from within PHP like:
include 'other.php';
this accesses the file through disk access and should not be a problem.

If you include in PHP with:
include 'http://www.domain.com/test.php?foo=1';
this should not work because you are accessing through web (I think).

If you are refering to javascript scripts included with HTML script tag:
<script type="text/javascript" src="/test.js"></script>
this will certainly not work since the user requests this file through HTTP.

Author Comment

ID: 20067348
alright, so how would I make it work if I requested an external js file:

<script type="text/javascript" src="javascript/test.js"></script>

where the javascript folder containing the javascript file is protected with .htaccess. How would I have to modify the tag, or even the .htaccess file to insure that these tags have access to the files. Thanks.
LVL 16

Accepted Solution

Blaz earned 2000 total points
ID: 20076459
I believe there is no way to do that. This is related to how HTTP and HTML protocols work.

1. Client requests the HTML page.
2. Client gets the HTML page.
3. Client parses the HTML page for external files (images, javascript includes, css includes etc)
4. Client requests each external file individually

There is no way to tell if client is requesting your .js file by itself or because it was included in a HTML document. There is no way to input a password when loading these files.

The main question would be why would you want to have the js file in a password protected dir. Regarding that there are several alternatives but none of them is perfect - depending on your cause. If you would like to protect the javascript code the best thing would be to obfucsate the code:

If you have some other reason please ask and perhaps there is a solution for your problem.

Author Comment

ID: 20081901
i guess obfucsating the code is the best solution. Thank you for your help.

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question