如何保护github-pages中的目录?
我正在使用Jekyll构建我的个人网站,并将其托管在github-pages上.我想要一个受密码保护的区域(只是受密码保护的目录,而不是整个网站).我尝试了一些选项和技巧来使htaccess工作,但失败了.
I am building my personal website using Jekyll and hosting it at github-pages. I would like to have a password protected area (just password protected directory, not the whole website). I have tried a few options and tricks to get htaccess to work but failed.
我想知道是否有人设法使用htaccess或任何其他方法来保护github-pages上的目录.
I would like to know if someone managed to use htaccess, or any other method, to protect a directory on github-pages.
列出对我不起作用的解决方案(或者我无法使它们起作用):
* Flohei.
* 杰里米·里基茨(Jeremy Ricketts).
Listing solutions which did not work for me (or I failed to get them to work):
*Flohei.
*Jeremy Ricketts.
GitHubPages(例如Bitbucket Pages和GitLab Pages)仅提供静态页面,因此唯一的解决方案是使用客户端(Javascript).
GitHubPages (like Bitbucket Pages and GitLab Pages) only serve static pages, so the only solution is something client side (Javascript).
一个解决方案可能是,不使用真实身份验证,而仅与所有授权人员共享一个秘密(密码)并实施以下方案之一:
A solution could be, instead of using real authentication, just to share only a secret (password) with all the authorized persons and implement one of the following scheme:
-
将所有私有文件放在一个(未列出的)子目录中,并用所选密码的哈希命名.索引页面要求您(使用Javascript)输入密码,并建立计算散列的正确开始链接.
put all the private files in a (not listed) subdirectory and name that with the hash of the chosen password. The index page asks you (with Javascript) for the password and build the correct start link calculating the hash.
例如,请参见: https://github.com/matteobrusa/Password-静态页面保护
专业版: 非常简单的方法保护整个子目录树
PRO: Very simple approach protecting a whole subdirectory tree
缺点:
- 可能的攻击:嗅探以下请求以获取子目录的名称
- 托管站点上的管理员有权访问全部内容
使用密码加密页面并使用javascript即时解密
crypt the page with password and decrypt on the fly with javascript
例如: https://github.com/robinmoisson/staticrypt
PRO:没有明文页面代码(解密发生在客户端)
PRO: no plaintext page code around (decrypting happens on the client side)
缺点:
- 仅一页,并且每次刷新时都需要重新插入密码
- 管理员可以更改您的Javascript代码以在插入密码时获取密码