Jeff,

Good points. I believe Tod had made this as safe as possible with DOT-file security and Allow .htaccess Upload and a few other basics that make these files near impossible for the bad guys to read. The thing is, nothing is perfect, so why take a chance? I read all the time about webmasters having their password files cracked, and this month alone I've had 140 404's on my cgi bin.

These files for sure should NOT be listed in your mime.ini :-)

Peter

-----Original Message-----
From: Jeff Adams <[EMAIL PROTECTED]>
To: "sambar List Member" <[EMAIL PROTECTED]>
Date: Tue, 20 Apr 2004 21:26:57 -0400
Subject: [sambar] htaccess sambar and php

> Peter,
>
> If the .htpasswd file is in a Web-accessible directory, wouldn't it be
> possible for someone who can access the directory to read the file and
> decrypt the passwords for all the users in the file? Or are .files not
> served up by the server?
>
> As an aside, I don't think I've ever put my password file in a
> Web-accessible directory, and I've never had a problem with the htaccess
> picking it up.
>
> -Jeff
>
> At 08:47 PM 04/20/2004, Peter wrote:
>
> >Ok, number #1: never put a .htpasswd file in a web accessible directory.
> >
> >This is what I do:
> >Create (Sambar is on my D: drive, set it to yours)
> >D:/sambar/access/
> >
> >Now create sub dirs, use as many as you need for hosts.
> >access/site1/.htpasswd
> >access/site2/.htpasswd
> >access/site3/.htpasswd
> >
> >Now you need a .htaccess and .htpasswd file; the .htpasswd will look
> >something like this:
> >
> >Peter:81489422D5167A34
> >Therese:81489422D5167A67
> >Kyle:AA5768A579A0C099
> >Connor:05A6100629997432
> >Baby:7B7DA7D1BFFDEBNV
> >
> >Now the .htaccess file will look something like this:
> >
> >AuthName "My Secret Stuff"
> >AuthType Digest
> >AuthUserFile D:/sambar/access/site1/.htpasswd
> >Require valid-user
> >AllowOverride none
> >
> >Good luck,
> >Peter
>
> -------------------------------------------------------
> To unsubscribe please go to http://www.sambar.ch/list/
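
The rule discussed in this thread (keep `.htpasswd` out of any web-accessible directory) can be checked mechanically. The following is an added example, not part of the original messages and not Sambar code: it reads the `AuthUserFile` line of a `.htaccess` and reports when the password file resolves inside a document root. The docroot `D:/sambar/docs` and the sample `.htaccess` texts are constructed assumptions; the function names are hypothetical.

```python
import ntpath
import re

# AuthUserFile directive as written in the thread's .htaccess (optionally quoted).
AUTH_USER_FILE = re.compile(r'^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$',
                            re.IGNORECASE | re.MULTILINE)

def _norm(path):
    """Collapse '..' segments, unify slashes and fold case (Windows semantics)."""
    return ntpath.normcase(ntpath.normpath(path))

def is_inside(path, root):
    """True if path equals root or lies anywhere below it."""
    p, r = _norm(path), _norm(root).rstrip("\\")
    return p == r or p.startswith(r + "\\")

def audit_htaccess(htaccess_text, docroots):
    """Return findings (empty list = password file is outside every docroot)."""
    m = AUTH_USER_FILE.search(htaccess_text)
    if not m:
        return ["no AuthUserFile directive found"]
    target = m.group(1)
    if not ntpath.isabs(target):
        # How a relative path is resolved is server-specific, so do not guess.
        return [f"AuthUserFile '{target}' is relative; use an absolute path"]
    return [f"AuthUserFile '{target}' is inside web root '{root}'"
            for root in docroots if is_inside(target, root)]

# Constructed samples. DOCROOTS is an assumed layout, not taken from the thread.
DOCROOTS = ["D:/sambar/docs"]
TEMPLATE = ('AuthName "My Secret Stuff"\nAuthType Digest\n'
            'AuthUserFile {}\nRequire valid-user\n')
SAMPLES = {
    "thread layout": TEMPLATE.format("D:/sambar/access/site1/.htpasswd"),
    "same directory": TEMPLATE.format("D:/sambar/docs/site1/.htpasswd"),
    "dot-dot back in": TEMPLATE.format("D:/sambar/access/../docs/site1/.htpasswd"),
    "case and slashes": TEMPLATE.format(r"d:\SAMBAR\Docs\site1\.htpasswd"),
    "relative": TEMPLATE.format(".htpasswd"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_htaccess(text, DOCROOTS) or 'OK'}")
```

Paths are compared after normalisation, so a `..` segment or a difference in case or slash direction does not hide a password file that sits under the web root.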
