Peter,

If the .htpasswd file is in a Web-accessible directory, wouldn't it be possible for someone who can access the directory to read the file and decrypt the passwords for all the users in the file? Or are .files not served up by the server?

As an aside, I don't think I've ever put my password file in a Web-accessible directory, and I've never had a problem with the htaccess picking it up.

-Jeff

At 08:47 PM 04/20/2004, Peter wrote:

OK, number 1: never put a .htpasswd file in a web-accessible directory.

This is what I do:
Create (Sambar is on my D: drive, set it to yours):
D:/sambar/access/

Now create sub dirs, use as many as you need for hosts.
access/site1/.htpasswd
access/site2/.htpasswd
access/site3/.htpasswd

Now you need a .htaccess and a .htpasswd file. The .htpasswd will look
something like this:

Peter:81489422D5167A34
Therese:81489422D5167A67
Kyle:AA5768A579A0C099
Connor:05A6100629997432
Baby:7B7DA7D1BFFDEBNV

Now the .htaccess file will look something like this:

AuthName "My Secret Stuff"
AuthType Digest
AuthUserFile D:/sambar/access/site1/.htpasswd
Require valid-user
AllowOverride none

Good luck,
Peter

------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
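Added example, not part of the original thread or of Sambar itself: a small audit that walks a document root and reports any `.htpasswd` stored inside it, plus any `.htaccess` whose `AuthUserFile` resolves to a path inside it. The directory layout, file contents and function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# AuthUserFile is the directive shown in the thread; quoted paths are also accepted here.
AUTH_USER_FILE = re.compile(r'^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$', re.I | re.M)

def is_inside(path, root):
    """True if path resolves to a location at or below root."""
    try:
        path.resolve().relative_to(root.resolve())
        return True
    except ValueError:
        return False

def audit_docroot(docroot):
    """Return sorted (issue, relative path) findings for one document root."""
    root = Path(docroot)
    findings = set()
    for full in root.rglob("*"):  # pathlib's "*" also matches dotfiles
        name, rel = full.name.lower(), full.relative_to(root).as_posix()
        if name == ".htpasswd":
            findings.add(("password file inside web root", rel))
        elif name == ".htaccess":
            for target in AUTH_USER_FILE.findall(full.read_text(errors="replace")):
                # Assumption: a relative AuthUserFile is relative to the .htaccess itself.
                # An absolute target replaces full.parent when joined with "/".
                if is_inside(full.parent / target, root):
                    findings.add(("AuthUserFile points inside web root", rel))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: 'good' keeps its password file outside the web root, 'bad' does not."""
    base = Path(base)
    docroot, access = base / "docs", base / "access" / "site1"
    for d in (docroot / "good", docroot / "bad", access):
        d.mkdir(parents=True)
    (access / ".htpasswd").write_text("user:PLACEHOLDER\n")
    (docroot / "bad" / ".htpasswd").write_text("user:PLACEHOLDER\n")
    (docroot / "good" / ".htaccess").write_text(
        f"AuthUserFile {(access / '.htpasswd').as_posix()}\n")
    (docroot / "bad" / ".htaccess").write_text(
        f"AuthUserFile {(docroot / 'bad' / '.htpasswd').as_posix()}\n")
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for issue, path in audit_docroot(build_sample_tree(tmp)):
            print(f"{issue}: {path}")
```

Run it against each site's real document root on the server itself, so that drive letters and absolute paths resolve the way the server sees them.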