Re: security and .htaccess

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, December 3, 2006 9:57 am, tedd wrote:
> At 10:35 PM +0100 12/2/06, Alain Roger wrote:
>>I'm working on .htaccess file for improving security.
>>Based on documentation from PHPSEC.org, we should be able to store
>> DB_USER
>>login and DB_PASS password in some secret-stuff (for example) file,
>> which
>>should be located outside root of web document root. (for example in
>> some
>>/path_to_secret folder)
>
> The "path_to_secret folder" thing -- I have a question about.
>
> I'm working with what a host provides me and I've seen paths that I
> can traverse/access and paths in a .htpacess file that I can't. For
> example, in one site I see a .htaccess file that contains:
>
> AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd
>
> But, the "_vit_pvt" folder is not apparent. I can't get to it -- is
> this a host file that only they can access, or is there a secret
> handshake I need to get to it, or what?

That's a bull-crap made-up directory reference that FrontPage or
something of that ilk added because everybody uses FrontPage, and
everybody uses their lame-brained "security" layout of weird directory
names.

Replace it with a real AuthUserFile reference.

:-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux