Capture the flag
Very simple password protection to static pages or whole websites with no server configuration required: you ca use Dropbox, Amazon S3 or any generic hosting service to host a private, password protected site.
Check out the demo
Password is: password
Setup
- Upload the
index.html
document to the root of your static hosting service. - Load it up in your browser, enter the password of your choice
- It will show "wrong password", never mind. Copy the section of the URL after the # sign.
- Create a folder with that name next to the
index.html
file - Upload the content that you want to protect inside the folder
The final structure will be:
- index.html
- background.jpg
- this-is-a-hash <-- the SHA1 hash of your password
\ - index.html <-- your original index document
Things to consider
- If your hosting service offers directory listing, a visitor can bypass the protection.
- there's no protection against brute force attack. Pick a very long and hard to guess password.
- Pasting the link directly to someone will bypass the login
Credit to @matteobrusa for his initial findings and implementation.