I've used the script phtaccess, which I think used the mentioned class.
Super easy to use.
Josh
On Wed, 1 May 2002, Kelly Meeks wrote:
Is is possible to use php to admin a password file used by a .htaccess file?
You should check the File_Passwd class from PEAR.
It's possible, but is it really recommended? Wouldn't the
.htaccess/.htpasswd file have to be owned by the apache user, which
might leave it open to being overwritten by any kind of a
weak/exploitable script?
Mike
Josh Valerie McCormack wrote:
I've used the script phtaccess, which I think
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May 2002, Mike Eheler wrote:
It's possible, but is it really recommended? Wouldn't the
.htaccess/.htpasswd file have to be owned by
Thus leaving the FTP account's password in view of the httpd, which is
even worse...
miguel
On Fri, 3 May 2002, serj wrote:
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May
Im not exactly sure why that is worse, could you elaborate a little?
Josh
On Fri, 3 May 2002, Miguel Cruz wrote:
Thus leaving the FTP account's password in view of the httpd, which is
even worse...
miguel
On Fri, 3 May 2002, serj wrote:
You could use fopen() to connect to the file
You also can't overwrite files using the fopen() method. You'd need to
FTP in, then delete the file, then fopen() it.. or just do the whole
thing in one FTP session (write to a temp file, upload it, erase the
temp file).
Mike
Miguel Cruz wrote:
Thus leaving the FTP account's password in
If someone can overwrite your .htaccess there's a chance they can also
view files through the same exploit (possibly). They could then get your
FTP login info, and do a lot more damage than just removing password
access to an area.
Mike
Serj wrote:
Im not exactly sure why that is worse,
]
Subject: Re: [PHP] php/.htaccess/.htpasswd
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May 2002, Mike Eheler wrote:
It's possible, but is it really recommended? Wouldn't
Being that the files are owned by their respective users, I would imagine
that would make it pretty difficult for the .htaccess file to be
overwritten, if someone found a way to overwrite the file couldn't that
person overwrite any file owned by the ftp user anyway? also I don't see
how
On Wed, 1 May 2002, Kelly Meeks wrote:
Is is possible to use php to admin a password file used by a .htaccess file?
You should check the File_Passwd class from PEAR.
http://chora.php.net/cvs.php/php4/pear/File
--
Mika Tuupola
Is is possible to use php to admin a password file used by a .htaccess file?
I know that sometimes it is easier/more robust to manage password protection via
sessions/database, but I've got a client that wants to use a .htaccess file.
How do you deal with the encryption of the passwords, etc?
]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 01, 2002 2:12 PM
Subject: [PHP] php/.htaccess/.htpasswd
Is is possible to use php to admin a password file used by a .htaccess file?
I know that sometimes it is easier/more robust to manage password protection
via sessions/database, but I've got a client
12 matches
Mail list logo
