httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Harris" <dhar...@drh.net>
Subject RE: Change relative path for AuthUserFile, perhaps?
Date Thu, 13 May 1999 02:54:52 GMT

Raymond S Brand wrote:
> I, personally, would prefer that the Auth*Files be relative to the
> AccessFile directory (with warnings in the documentation) or absolute
paths.
> DocumentRoot is not always meaningful, think about the Alias and UserDir
> directives; ServerRoot can be on a read only partition. This would benefit
> virtual hosting setups and multi department/project setups of the kind
I've
> been doing.

I agree. Having the path be relative to the directory of the AccessFile
which contains the Auth*Files directive is better. That's what I most
commonly have... a .htaccess and .htpasswd file in the same directory.

Then adding in blocking for .htpasswd files just like .htaccess files, along
with a warning on the docs could help with security.

Can this be done? What about reverse compatibility for other webmasters?

 - David Harris
   Principal Engineer, DRH Internet Services



Mime
View raw message