Posted on 2010-01-06
Last Modified: 2013-12-18
If i have a public directory on Apache with a few public files.
is it possible to add one file and protect it using userid/password or password only.
How can i do this

Is it possible also to upload it to a database table and have a link to it that opens it like a file system. That would require more code though.
Question by:sam15
    LVL 4

    Expert Comment

    You can restrict access to a file by using an .htaccess file in its directory.  You will need to point it to a password file, best kept in a different, non-public directory. (or an authentication server)
    Here is a decent description:

    As for uploading an image to a database and retrieving it as a file:  You can do this with MySQL and PHP.
    Here is the basic way to it:


    Author Comment

    so you can restrict access to a file in a specific directory or create a protected diretory and limit access to it?

    Do you have to mess up with the main .htaccess and .paswrd files or you create a second copy and place it in this directory.
    LVL 4

    Accepted Solution

    You can protect the directory and/or specific files in it, on the user and group levels.

    Yes, you have to edit the .htaccess file for that folder if one already exists.  You can create an additional password file for each directive if you want, as you specify the password file for each directive.

    You would add something like this to the .htaccess file:

    <Files secret.html>
    order deny,allow
    deny from all
    AuthUserFile /home/user/.htpasswd
    AuthType Basic
    require valid-user
    satisfy all

    You would also need to create the file /home/user/.htpasswd (only an example - you can put it anywhere outside your publicly readable directories)
    There are a lot of options for .htaccess. (this also shows how to make a .htpasswd file on the server if you have shell access)


    Author Comment

    great one last question

    can I have one userid/password for ALL users or one userid/password for everyone. Does apache allow you to configure both.
    LVL 4

    Expert Comment

    You can make one or many userid/passwords.  The example only requires a "valid-user" which just means they exist in the .htpasswd file.    Another option is to just use one userid, but change the pw now and again and only send the new password to those who should have it currently.  You can't really track who is doing what this way.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
    From implementing a password expiration date, to datatype conversions and file export options, these are some useful settings I've found in Jasper Server.
    This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
    This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now