Re: How safe is a .htaccess file?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18 August 2010 01:41, tedd <tedd@xxxxxxxxxxxx> wrote:
> At 4:23 PM -0400 8/17/10, Robert Cummings wrote:
>>
>> On 10-08-17 04:17 PM, tedd wrote:
>>>
>>> Hi gang:
>>>
>>> The subject line says it all.
>>>
>>> How secure is a .htaccess file to store passwords and other sensitive
>>> stuff?
>>>
>>> Can a .htaccess file be viewed remotely?
>>
>> It depends on the server configuration. I think for the most part apache
>> servers disable viewing these files by default. But, in any event, when
>> these include access restriction, I always point it at a user/password file
>> outside the web tree.
>>
>> Cheers,
>> Rob.
>> --
>
> Rob:
>
> When you're on a shared hosting account, they typically prohibit files being
> outside of the web root. Some do, some don't. For example, GoDaddy.com
> prohibits files outside of the web root while Parasane.net doesn't, at least
> my experience with my accounts.
>
> I'm simply trying to find the "best" method to hide sensitive information on
> a shared hosting environment. Thus far, it appears that .htaccess files are
> the safest bet, but I understand that nothing is certain -- every method has
> risks.

Try accessing a .htaccess file that you have created - if you get a
403 or anything to that effect, you're safe. You might also want to
try the same with .htpasswd and .htgroups (they'll likely be blocked
as well, but better safe than sorry). That way you'll actually know if
they're safe instead of just relying on our guesses about your
servers.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux