"James, Yz" wrote:
> 
> In addition,
> 
> (if using .htaccess) They would only be able to read the .htpasswd from a
> public directory if they had first authorised themselves.  The browser will
> prompt them to identify before it allows files from a protected directory to
> be included.
> 

James, 

are you sure about this? Afaik, no user authentication applies to PHP
include() calls. This would require PHP to integrate much closer with
Apache than I think it does (and makes sense).

Cheers,
Ben

> J.
> 
> > Make sure that the .htpasswd file is BELOW the public files root.  That
> > way, it can't be accessed through a browser, unless the person who has
> > written the file to try and read the .htpasswd has uploaded their file to
> > the server it resides on, and has permission to access that low level
> > directory.  They can't read files in a directory route, unless they're in
> > the directory: So a URL reference won't work.  If you've uploaded the
> > .htpasswd to /www/admin They could do an include for:
> >
> > <?
> > include("http://www.yoursite.com/admin/.htpasswd");
> > ?>
> >
> > ..................So:
> >
> > /home/myfiles/.htpasswd
> >
> > Rather than
> >
> > /home/myfiles/publicwwwfiles/.htpasswd
> >
> > Hope that's of some use to you.
> > James.
> >
> > "Thor M. Steindorsson" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Should this be possible?
> > > I know this isn't an issue with php, but since I used php to do this, I
> > > figured maybe someone here has encountered the same thing, and knows how
> > > to help.
> > > Is this something that can be fixed by making some changes on the linux
> > > server?
> > >
> > > By using this:
> > >
> > > <?
> > > echo "<pre>";
> > > include("/home/someuser/www/admin/.htaccess");
> > > echo "</pre>";
> > > ?>
> > >
> > > I can see what .htpasswd file is used, and then I can simply change the
> > > code to display that particular password file, then take the encrypted
> > > password, and decrypt it to gain access to that protected area.
> > >
> > > I have a feeling this is a permissions issue on the Linux server...
> > > Can anyone point me in the right direction with this?
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > >

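The two checks this thread turns on (is the password file outside the public files root, and is it readable by other local users) can be audited with a short script. This is an added example, not code from any poster in the thread; the function names, the default `server_root` value and the sample tree are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Matches an AuthUserFile directive in a .htaccess file (quoted or bare path).
AUTH_RE = re.compile(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', re.I | re.M)

def audit_docroot(docroot, server_root="/etc/apache2"):
    """Return (htaccess_path, password_file, findings) per AuthUserFile found."""
    docroot = os.path.realpath(docroot)
    results = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        htaccess = os.path.join(dirpath, ".htaccess")
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for target in AUTH_RE.findall(text):
            # Apache resolves a relative AuthUserFile against ServerRoot
            # (server_root here is an assumed default, adjust per host).
            pw = os.path.realpath(os.path.join(server_root, target))
            findings = []
            if os.path.commonpath([docroot, pw]) == docroot:
                findings.append("inside-docroot")    # reachable by URL
            try:
                if os.stat(pw).st_mode & stat.S_IROTH:
                    findings.append("world-readable")  # any local user can read it
            except OSError:
                findings.append("missing")
            results.append((htaccess, pw, findings))
    return results

def build_sample():
    """Constructed sample tree: one bad layout (admin), one good one (staff)."""
    base = os.path.realpath(tempfile.mkdtemp())
    www = os.path.join(base, "publicwwwfiles")
    bad = os.path.join(www, "admin", ".htpasswd")
    good = os.path.join(base, ".htpasswd")
    for sub in ("admin", "staff"):
        os.makedirs(os.path.join(www, sub))
    for path, mode in ((bad, 0o644), (good, 0o640)):
        with open(path, "w") as fh:
            fh.write("user:placeholder-hash\n")
        os.chmod(path, mode)
    for sub, pw in (("admin", bad), ("staff", good)):
        with open(os.path.join(www, sub, ".htaccess"), "w") as fh:
            fh.write(f'AuthType Basic\nAuthUserFile "{pw}"\nRequire valid-user\n')
    return www

if __name__ == "__main__":
    for htaccess, pw, findings in audit_docroot(build_sample()):
        print(htaccess, "->", pw, findings or ["ok"])
```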