httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <unkn...@riverstyx.net>
Subject Re: Change relative path for AuthUserFile, perhaps?
Date Thu, 13 May 1999 03:37:17 GMT
Is that really necessary?  If you go that route, you'll need to add a
(normally) unnecessary <file .htpasswd> directive to httpd.conf.  it's
still possible for the users to use .htpasswd files since they can just
specify an absolute path.

---
tani hosokawa
river styx internet


On Wed, 12 May 1999, David Harris wrote:

> Hi,
> 
> Currently the configuration directive AuthUserFile is taken as relative to
> the ServerRoot. Well, in an virtual hosting setup where none of my users has
> access to the ServerRoot, this is not really useful. I'd rather have it
> relative to the document root or the directory of the .htaccess file.
> 
> I think making this relative to the server root was designed to support
> people keeping the .htpasswd files out of the document root so that they
> can't be downloaded. But this can just as easily done by denying access to
> .htpasswd just like .htaccess for all users, which is what I intend to do.
> 
> Oh, and if AuthUserFile is changed, then AuthGroupFile should also be
> changed.
> 
> Are others interested in seeing this change made? Does changing this sound
> possible? Any thoughts?
> 
> References:
> http://www.apache.org/docs/mod/mod_auth.html#authuserfile
> 
> Thanks for reading this request!
> 
>  - David Harris
>    Principal Engineer, DRH Internet Services
> 
> 


Mime
View raw message