RE: security and .htaccess

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 8:46 AM -0700 12/4/06, Frank Reichenbacher, Bio-Concepts, Inc. wrote:

 > -----Original Message-----

 From: tedd [mailto:tedd@xxxxxxxxxxxx]
 Sent: Monday, December 04, 2006 08:29
 To: php-general@xxxxxxxxxxxxx; ceo@xxxxxxxxx; frank@xxxxxxxxxxx
 Subject: RE:  security and .htaccess


<snip>



 At 8:57 PM -0700 12/3/06, Frank Reichenbacher wrote:
 >That is the MS FrontPage auth system. Directories beginning with _
 >underscores cannot be viewed in your browser. Unless you want to
 >dump FrontPage, you do not want to be messing with this setup.
 >
 >If you can't view these directories in FrontPage, it's because you
 >do not have the website set to show hidden files. Tools>Site
 >Settings.

 Ahhh, thanks -- so it's a FrontPage phenomena. I was wondering about
 that. I've heard enough bad things about FrontPage to shy away from
 that.

 I've used both .htacess (AuthUserFile ) and pulling a md5 encrypted
 password from MySQL -- is one method more secure than another or are
 they both about the same?


I can't comment on the last question, but before you do anything, contact
your hosting company and tell them to uninstall the FrontPage extensions
that are currently supposed to be managing your content. It's about 10MB
worth of cgi. It will (I think) return access control to .htaccess and
.htpasswd and will alter the .htaccess to the default security. Otherwise
you will be hacking up the whole structure piece-by-piece.

I use FrontPage to manage several websites, but there are some things that
it gets in the way of since my servers are all UNIX.

Frank


Frank:
I appreciate the advice and I would uninstall FrontPage (have done so on other sites) if I were the lead programmer in this deal. However, sharper minds than mine apparently know better.
I've looked at the project in question and with over 16,500 files, I've decided to pass. Sometimes I just don't understand why people make things so hard on themselves. 

Thanks to all.

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux