.htaccess and .htpasswd Technical Question

Posted on 2007-10-11
Last Modified: 2010-04-11
I want to password protect a folder within my hosting account using .htaccess and .htpasswd . This folder contains scripts and codes that my pages grab to implement on their particular pages. If I go about password protecting these sub folders, of which my main pages use for their scripts, will it affect the access these pages have to the subfolder containing the scripts? That is, will I have to place a username and password within each page to be able to go into the subfolders to grab the files it needs for the scripts? Or is the .htaccess and mere protection so that people cant access a folder from the browser? Thanks!
Question by:jcbodyworks
    LVL 16

    Expert Comment

    It depends on what sort of scripts you mean.

    If you include files from within PHP like:
    include 'other.php';
    this accesses the file through disk access and should not be a problem.

    If you include in PHP with:
    include '';
    this should not work because you are accessing through web (I think).

    If you are refering to javascript scripts included with HTML script tag:
    <script type="text/javascript" src="/test.js"></script>
    this will certainly not work since the user requests this file through HTTP.

    Author Comment

    alright, so how would I make it work if I requested an external js file:

    <script type="text/javascript" src="javascript/test.js"></script>

    where the javascript folder containing the javascript file is protected with .htaccess. How would I have to modify the tag, or even the .htaccess file to insure that these tags have access to the files. Thanks.
    LVL 16

    Accepted Solution

    I believe there is no way to do that. This is related to how HTTP and HTML protocols work.

    1. Client requests the HTML page.
    2. Client gets the HTML page.
    3. Client parses the HTML page for external files (images, javascript includes, css includes etc)
    4. Client requests each external file individually

    There is no way to tell if client is requesting your .js file by itself or because it was included in a HTML document. There is no way to input a password when loading these files.

    The main question would be why would you want to have the js file in a password protected dir. Regarding that there are several alternatives but none of them is perfect - depending on your cause. If you would like to protect the javascript code the best thing would be to obfucsate the code:

    If you have some other reason please ask and perhaps there is a solution for your problem.

    Author Comment

    i guess obfucsating the code is the best solution. Thank you for your help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now