At 4:23 PM -0400 8/17/10, Robert Cummings wrote:
On 10-08-17 04:17 PM, tedd wrote:
The subject line says it all.
How secure is a .htaccess file to store passwords and other sensitive stuff?
Can a .htaccess file be viewed remotely?
It depends on the server configuration. I think for the most part
apache servers disable viewing these files by default. But, in any
event, when these include access restriction, I always point it at a
user/password file outside the web tree.
When you're on a shared hosting account, they typically prohibit
files being outside of the web root. Some do, some don't. For
example, GoDaddy.com prohibits files outside of the web root while
Parasane.net doesn't, at least my experience with my accounts.
I'm simply trying to find the "best" method to hide sensitive
information on a shared hosting environment. Thus far, it appears
that .htaccess files are the safest bet, but I understand that
nothing is certain -- every method has risks.
GoDaddy.com brags about not being hacked in 6 years and thus offers
some verbal assurances that they are secure. However, I am not sure
as to what they would do if they were hacked and sensitive
information was made public. I'll ask them in writing and see what
In the meantime, I think I'll use .htaccess files for secure stuff.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php