httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Re: Change relative path for AuthUserFile, perhaps?
Date Thu, 13 May 1999 03:37:17 GMT
Is that really necessary?  If you go that route, you'll need to add a
(normally) unnecessary <file .htpasswd> directive to httpd.conf.  it's
still possible for the users to use .htpasswd files since they can just
specify an absolute path.

tani hosokawa
river styx internet

On Wed, 12 May 1999, David Harris wrote:

> Hi,
> Currently the configuration directive AuthUserFile is taken as relative to
> the ServerRoot. Well, in an virtual hosting setup where none of my users has
> access to the ServerRoot, this is not really useful. I'd rather have it
> relative to the document root or the directory of the .htaccess file.
> I think making this relative to the server root was designed to support
> people keeping the .htpasswd files out of the document root so that they
> can't be downloaded. But this can just as easily done by denying access to
> .htpasswd just like .htaccess for all users, which is what I intend to do.
> Oh, and if AuthUserFile is changed, then AuthGroupFile should also be
> changed.
> Are others interested in seeing this change made? Does changing this sound
> possible? Any thoughts?
> References:
> Thanks for reading this request!
>  - David Harris
>    Principal Engineer, DRH Internet Services

View raw message