tags:

views:

39

answers:

3
+3  Q: 

HTML: how to make a file download require a username and password

In a basic HTML web page, how do you make the user have to enter a username and password before they are allowed to download a file.

What is the best way of achieving this on a website, preferably in plain HTML.

+1  A: 

This can't be achieved in HTML.

With client side technologies, the best you are likely to be able to achieve is a JavaScript prompt that you use the data from to direct people to a secret URI.

This is something that really should be handled by the web server.

David Dorward  2010-05-26 08:05:32
A: 

You won't be able to do this with plain HTML. Easiest way is probably to place the protected file in a directory protected by an .htaccess and .htpasswd file.

Calvin L  2010-05-26 08:05:57
Is this something that can be achieved using a commercial web host?
Craig Johnston  2010-05-26 08:14:40
Mosts hosts should have a way to do this in the admin control panel. Check the FAQs or email your host for support. If you're using cPanel, there's a very easy way of adding a password-protected directory.
Calvin L  2010-05-26 08:16:36
What are the general risks of making files available in this way? Could sophisticated hackers get hold of the file anyway?
Craig Johnston  2010-05-26 08:25:40
A brute force attack (randomly guessing words at a high speed), or if a hacker gets a hold of your account password, a person with privileged access to your server host's computers....all possibilities, somewhat unlikely to happen, but hey, that's the risk of putting anything online.
Calvin L  2010-05-26 09:12:37
+1  A: 

I agree with David...this can't really be done. Putting up a JavaScript prompt only protects you so far as well...that isn't really secure.

If you are on an Apache server, you could setup a .htaccess file and setup some user authorization options that point at a page which has the link to your download file. A simple implementation would give you 1 user/password combo that you could distribute to your users. The Apache documentation for this may be found here. Unfortunately I'm not really familiar with how IIS handles this sort of thing.

If you don't want to distribute a generic username/password combo to your users, you're pretty much going to be stuck creating a (or making use of an exsitng) user-management system. There are quite a few modules strewn throughout the web, and a simple Google search should bring you to quite a number of tutorials or existing implementations, depending on what you require.

espais  2010-05-26 08:10:26

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?