httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gunter Sammet" <Gun...@SammySolutions.com>
Subject [users@httpd] htpasswd security question
Date Fri, 30 Aug 2002 17:25:53 GMT
Hello all:
I wrote a script in php which pulls users and passwords from a DB and writes
to the htpasswd file. In order to get this going, I had to make the
/.htpasswd/<subfolder>/ world writeable (did 777).
My concern would be security. Are there any security threads if this folder
is world readable. AFAIK, this folder shouldn't be accessible through the
web server since it isn't in the public_html directory. But I am a newbie in
security, so I am not sure if this could be hacked.
If it is, how could I get the PHP script to create the file with 700 or any
other secure settings?
TIA

Gunter


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message