Hi gang:

The subject line says it all.

How secure is a .htaccess file to store passwords and other sensitive stuff?

Can a .htaccess file be viewed remotely?

It depends on the server configuration. I think for the most part Apache servers disable viewing these files by default. But, in any event, when these include access restrictions, I always point it at a user/password file outside the web tree.



When you're on a shared hosting account, they typically prohibit files being outside of the web root. Some do, some don't. For example, prohibits files outside of the web root while doesn't, at least in my experience with my accounts.

I'm simply trying to find the "best" method to hide sensitive information on a shared hosting environment. Thus far, it appears that .htaccess files are the safest bet, but I understand that nothing is certain -- every method has risks. brags about not being hacked in 6 years and thus offers some verbal assurances that they are secure. However, I am not sure as to what they would do if they were hacked and sensitive information was made public. I'll ask them in writing and see what they say.

In the meantime, I think I'll use .htaccess files for secure stuff.
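
The advice above about pointing at a user/password file outside the web tree can be checked mechanically. The following is an added example, not code from anyone in this thread: it reads the text of a .htaccess file and reports whether each `AuthUserFile` / `AuthGroupFile` path falls inside the document root. The function name, the sample paths and the sample .htaccess content are constructed for illustration.

```python
import posixpath
import shlex

# Apache directives whose first argument names a credential file.
CREDENTIAL_DIRECTIVES = {"authuserfile", "authgroupfile"}


def audit_htaccess(text, docroot):
    """Return (directive, path, verdict) for each credential-file directive.

    verdict is "inside-webroot", "outside-webroot" or "relative".
    Paths are compared lexically; symlinks are not resolved.
    """
    prefix = posixpath.normpath(docroot).rstrip("/") + "/"
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)  # honours quoted arguments
        except ValueError:
            continue  # unbalanced quotes; not a line we can judge
        if len(parts) < 2 or parts[0].lower() not in CREDENTIAL_DIRECTIVES:
            continue
        path = parts[1]
        if not posixpath.isabs(path):
            # Apache resolves a non-absolute path against ServerRoot,
            # so its real location cannot be judged from .htaccess alone.
            verdict = "relative"
        else:
            # normpath collapses "..", so /webroot/../private is seen as outside.
            resolved = posixpath.normpath(path) + "/"
            inside = resolved.startswith(prefix)
            verdict = "inside-webroot" if inside else "outside-webroot"
        findings.append((parts[0], path, verdict))
    return findings


# Constructed sample .htaccess content (hypothetical account paths).
SAMPLE = '''\
AuthType Basic
AuthName "Members"
AuthUserFile /home/example/public_html/members/.htpasswd
AuthGroupFile "/home/example/public_html/../private/groups"
Require valid-user
'''

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE, "/home/example/public_html"):
        print(finding)
```

A file flagged `inside-webroot` is only protected by whatever the server configuration denies by name, which is the "depends on the server configuration" case discussed above.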




