Hi everyone, I'm relatively new to programming and web development, and I'm working on creating a personal website to document my programming journey—kind of like an improved journal. One of my main concerns is security; I want to make sure that my journal entries are password protected so that they remain private and only I can access them, even if the site is accidentally discovered by someone else.
I've done a bit of research on user accounts, passwords, and hashing, but I'm not quite certain how to apply that knowledge in my situation. Since it's just for me, would it be practical to store everything in a database? I'm also interested in implementing an OTP feature that could send me a confirmation code when I log in, either through email or via a Telegram bot.
For now, I'm planning to use Supabase for my website, but I might expand later if necessary. How can I approach this?
7 Answers
What web server are you using? Like Apache or Nginx? Knowing that could help us suggest better ways to implement password protection for your site.
Do you really need authentication for just your website? Since it's only for you, you could manage server access without a login feature. But if you want some management tools, adding a simple login feature could work well by storing your username and hash on the server and using sessions.
I just want to keep my writing private, so people can't read what I've put down.
Supabase may seem too complicated for just you, but if you plan to tackle more projects, using it could be beneficial. You could set your site up with Supabase and use it as a learning tool. Just remember, you can always switch back to a simpler solution later if you find one that fits better.
What exactly is Cloudflare Access?
Honestly, if you just want a lightweight solution, using HTTP Auth for your reverse proxy is a super simple route to go. As for OTP via email or Telegram, you’ll need a proper backend for that, which you can save for later until you want to dive deeper into programming!
I actually set up a Telegram message sender using Python once—maybe I can use workers for that?
Since you're just starting out and need something secure for one person—yourself—you really can avoid the complexity of a full authentication system.
That might just be my last resort!
You couldn't find out how to secure a website through Google or AI?
No, ChatGPT recommended storing the password in the frontend, which didn't seem right!
For a simple, single-user setup, you can forgo a full authentication system. Just hash your password using bcrypt and save it in an environment variable or a configuration file. When you log in, compare the hash server-side. If you want to add an OTP, consider using a Telegram bot—it’s straightforward and avoids the hassle of email setup. Supabase might feel like overkill for this, so keeping things simple will save you trouble.
What a neat idea! It's annoying I didn't think of that before. I want my project to store images and docs later, but I guess avoiding the database might be easier since I’m just starting out.
This sounds really interesting! I want to learn more about hashing and stuff. I suggested earlier to just go for Supabase for the experience, but this simpler approach seems like a valid option too.
I'm mainly familiar with Flask for web development. I might consider going with Vercel too.
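The single-user approach from the answer above (keep only a password hash in an environment variable, compare server-side, then confirm with a one-time code) is sketched below as an added example; it is not code from any poster in the thread. It assumes Python because the asker mentions Flask, uses the standard library's PBKDF2 in place of bcrypt so it runs without extra packages, and the name `JOURNAL_PW_HASH` and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 600_000         # PBKDF2-HMAC-SHA256 work factor
OTP_TTL_SECONDS = 300        # a code is valid for five minutes
ENV_VAR = "JOURNAL_PW_HASH"  # hypothetical variable name (assumption)

def make_password_record(password: str) -> str:
    """Run once offline; put the result in ENV_VAR, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"{ITERATIONS}${b64(salt)}${b64(digest)}"

def check_password(candidate: str, record: str) -> bool:
    """Recompute the hash server-side and compare in constant time."""
    try:
        iterations, salt_b64, digest_b64 = record.split("$")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, int(iterations))
    except (ValueError, TypeError):
        return False  # missing or malformed record: fail closed
    return hmac.compare_digest(actual, expected)

class OtpChallenge:
    """One six-digit code: expires, allows three tries, works once."""
    def __init__(self, now=None):
        self.code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random()
        self.expires = (time.time() if now is None else now) + OTP_TTL_SECONDS
        self.attempts_left = 3
    def verify(self, submitted: str, now=None) -> bool:
        now = time.time() if now is None else now
        if now > self.expires or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        ok = hmac.compare_digest(submitted.encode(), self.code.encode())
        if ok:
            self.attempts_left = 0  # a used code cannot be replayed
        return ok

def start_login(password: str, env=os.environ):
    """Correct password: return a challenge whose .code is sent out of band; else None."""
    return OtpChallenge() if check_password(password, env.get(ENV_VAR, "")) else None
```

The web framework would keep the returned challenge in the server-side session, deliver `.code` through the Telegram bot or email, and grant access only after `verify()` returns true.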