At 8:46 AM -0700 12/4/06, Frank Reichenbacher, Bio-Concepts, Inc. wrote:
> -----Original Message-----
From: tedd [mailto:tedd@xxxxxxxxxxxx]
Sent: Monday, December 04, 2006 08:29
To: php-general@xxxxxxxxxxxxx; ceo@xxxxxxxxx; frank@xxxxxxxxxxx
Subject: RE: security and .htaccess
<snip>
At 8:57 PM -0700 12/3/06, Frank Reichenbacher wrote:
>That is the MS FrontPage auth system. Directories beginning with _
>underscores cannot be viewed in your browser. Unless you want to
>dump FrontPage, you do not want to be messing with this setup.
>
>If you can't view these directories in FrontPage, it's because you
>do not have the website set to show hidden files. Tools>Site
>Settings.
Ahhh, thanks -- so it's a FrontPage phenomena. I was wondering about
that. I've heard enough bad things about FrontPage to shy away from
that.
I've used both .htacess (AuthUserFile ) and pulling a md5 encrypted
password from MySQL -- is one method more secure than another or are
they both about the same?
I can't comment on the last question, but before you do anything, contact
your hosting company and tell them to uninstall the FrontPage extensions
that are currently supposed to be managing your content. It's about 10MB
worth of cgi. It will (I think) return access control to .htaccess and
.htpasswd and will alter the .htaccess to the default security. Otherwise
you will be hacking up the whole structure piece-by-piece.
I use FrontPage to manage several websites, but there are some things that
it gets in the way of since my servers are all UNIX.
Frank
Frank:
I appreciate the advice and I would uninstall FrontPage (have done so
on other sites) if I were the lead programmer in this deal. However,
sharper minds than mine apparently know better.
I've looked at the project in question and with over 16,500 files,
I've decided to pass. Sometimes I just don't understand why people
make things so hard on themselves.
Thanks to all.
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php