earthrisers
Mar 16 2005, 05:19 PM
I've been following the thread entitled "Hiding .inc.php files, Securing include files".
The "Apache Password Wizard" gives this advice near the end of its process...
---------------
It is extremely important that you prefix the file name with a "period", otherwise the file may be accessed from the web browser. Additionally, place this file outside of your DOCUMENT ROOT if possible.
----------------
Our "public_html" folder is the Document Root, isn't it?
If we place our .htpasswd file OUTSIDE of the public_html folder, what is the path to use to access it?
...i.e., the path that we have to specify in .htaccess, in the code
AuthUserFile /path/to/.htpasswd
(In the code shown in the "Hiding .inc.php files" thread, the writer apparently placed his .htpasswd file INSIDE of public_html. But that goes against the Wizard's advice...??)
Thanks,
Ernie
phpfreak
Mar 16 2005, 05:21 PM
Ernie,
Yes, it is recommended to put it outside the document root, however Apache will not allow access to anything prefixed with a period, so it's just an added security feature.
Sincerely,
earthrisers
Mar 16 2005, 05:27 PM
So if we wanted to be DOUBLY secure and put the file outside the root as well as using a period-prefix in the filename, how would we specify the full path?
E
phpfreak
Mar 16 2005, 05:29 PM
QUOTE(earthrisers @ Mar 16 2005, 12:27 PM)
So if we wanted to be DOUBLY secure and put the file outside the root as well as using a period-prefix in the filename, how would we specify the full path?
E
/full/path/to/file
For example:
/home2/username/path/.htpasswd
earthrisers
Mar 16 2005, 05:31 PM
thanks be unto you.
I'll go try that...
E
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.