Login design.. advice?


Rooster
04-01-2008, 03:40 PM
I am making a site that will have certain pages for clients to log into. Each page will have different files that can be downloaded.

I'm just not sure which way I want to go about this, so I wanted to see some ways you might go about it to make it the simplest. Just looking for food for thought.

I think I am going to password protect each page with a different password so that only certain people can get into the certain pages. I don't want the option of people creating user accounts. I will provide passwords to the clients.

Code and design isn't a factor. :)

digizan
04-01-2008, 07:21 PM
If your web server is running Apache the simplest thing to do would be to use .htaccess to protect the directories.

I'm not sure what you mean by "Code and design isn't a factor"—does that mean you don't know anything about them or that they're not obstacles? If it's the latter, then you can use PHP or ASP or whatever your server supports to create something more elegant.

Digi

Rooster
04-01-2008, 09:35 PM
I mean that I don't need examples of code. I know most server-side and JavaScript. I guess a better way to say it would have been which way would you do it if it was your site. I was just curious. Thanks for the post.

Drazan
04-02-2008, 01:00 AM
For anyone's information, .htaccess can get hacked and fairly easily with the right tools. Especially on a shared server. It is actually one of the weakest password protections out there.

Just saying. :)

I would use a CMS - if it's client orientated, look at egroupware or something similar.

If it is only specific clients, then you can set it up manually. Depending on the level of security you need, you can do a 256 SSL cert encrypted with a minimum of MD5 hash for password (there's better hash encryption now, but off the top of my head - I can't remember.) Use a database for the password and strip code from the login form itself. Limit the login form to only the amount of characters the username and password needs.

For style, CSS all the way.

:)
Jade

digizan
04-02-2008, 04:22 AM
"I guess a better way to say it would have been which way would you do it if it was your site. I was just curious."
I use various .htaccess directives for protecting non-critical areas of my site—i.e. directories or files that I don't want the average user snooping around in, but which (if compromised) wouldn't result in disastrous consequences.

As for my client login system, I built it myself. It uses PHP over SSL with passwords stored in a database with one-way encryption. Along with other basic best practices for writing secure code (validate input/filter output, etc.), that was the best I could do in a shared hosting environment. I don't store any terribly sensitive client information on my server, so that's sufficient for my needs.

If security is a major concern, then dedicated hosting with regular penetration testing by security experts would be the way to go. But then you asked for simple, and I guess that's not really a simple solution. :)

Digi
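
An added example, not code from any poster in this thread: one password per client page, kept in a database only as a salted one-way hash, with a length cap and a parameterized lookup. It uses PBKDF2-HMAC-SHA256 from Python's standard library rather than MD5; the table name, function names, length cap and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_PASSWORD_LEN = 128   # assumed cap, enforced on the server as well as in the form
ITERATIONS = 600_000     # assumed PBKDF2 work factor

def _derive(password, salt):
    """One-way, salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_store():
    """In-memory database for the example; a real site would use its own DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page_access (page TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    return db

def set_page_password(db, page, password):
    """Store a fresh random salt and the derived hash, never the password itself."""
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO page_access VALUES (?, ?, ?)",
               (page, salt, _derive(password, salt)))

def check_page_password(db, page, password):
    """Return True only if the password matches the hash stored for this page."""
    if not isinstance(password, str) or not 0 < len(password) <= MAX_PASSWORD_LEN:
        return False
    # Parameterized query: the page name from the request is never spliced into SQL.
    row = db.execute("SELECT salt, hash FROM page_access WHERE page = ?",
                     (page,)).fetchone()
    if row is None:
        # Unknown page: still do one derivation so timing does not reveal it.
        _derive(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(_derive(password, salt), stored)  # constant-time compare

if __name__ == "__main__":
    db = open_store()
    # Constructed sample values, not real credentials.
    set_page_password(db, "client-a", "constructed-sample-passphrase-A")
    print(check_page_password(db, "client-a", "constructed-sample-passphrase-A"))
    print(check_page_password(db, "client-b", "constructed-sample-passphrase-A"))
```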