├── .gitignore
├── README.md
└── index.html
/.gitignore:
--------------------------------------------------------------------------------
1 | # Logs
2 | logs
3 | *.log
4 | npm-debug.log*
5 |
6 | # Runtime data
7 | pids
8 | *.pid
9 | *.seed
10 |
11 | # Directory for instrumented libs generated by jscoverage/JSCover
12 | lib-cov
13 |
14 | # Coverage directory used by tools like istanbul
15 | coverage
16 |
17 | # nyc test coverage
18 | .nyc_output
19 |
20 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
21 | .grunt
22 |
23 | # node-waf configuration
24 | .lock-wscript
25 |
26 | # Compiled binary addons (http://nodejs.org/api/addons.html)
27 | build/Release
28 |
29 | # Dependency directories
30 | node_modules
31 | jspm_packages
32 |
33 | # Optional npm cache directory
34 | .npm
35 |
36 | # Optional REPL history
37 | .node_repl_history
38 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Password protection for static pages
2 |
3 | Very simple password protection to static pages or whole websites with no server configuration required: you ca use Dropbox, Amazon S3 or any generic hosting service to host a private, password protected site.
4 |
5 | ### [Check out the demo](https://chrissy-dev.github.io/protected-github-pages/)
6 | >Password is: password
7 |
8 | ## Setup
9 |
10 | - Upload the `index.html` document to the root of your static hosting service.
11 | - Load it up in your browser, enter the password of your choice
12 | - It will show "wrong password", never mind. Copy the section of the URL after the # sign.
13 | - Create a folder with that name next to the `index.html` file
14 | - Upload the content that you want to protect inside the folder
15 |
16 | The final structure will be:
17 |
18 | ```
19 | - index.html
20 | - background.jpg
21 | - this-is-a-hash <-- the SHA1 hash of your password
22 | \ - index.html <-- your original index document
23 | ```
24 |
25 | ### Things to consider
26 |
27 | - If your hosting service offers directory listing, a visitor can bypass the protection.
28 | - there's no protection against brute force attack. Pick a very long and hard to guess password.
29 | - Pasting the link directly to someone will bypass the login
30 |
31 | > Credit to [@matteobrusa](https://github.com/matteobrusa/Password-protection-for-static-pages) for his initial findings and implementation.
32 |
--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Password Protected
5 |
6 |
7 |
8 |
9 |
87 |
88 |
89 |
90 |
91 |
92 |