www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matus \"fantomas\" Uhlar" <uh...@fantomas.sk>
Subject Re: mod_auth-any/8698: htpasswd file location
Date Mon, 12 Nov 2001 10:32:08 GMT
-> While you may not "want to" give them access to any non-web accessible
-> directory to store sensitive information that shouldn't be accessible via
-> HTTP requests, that doesn't change the fact that storing them inside the
-> document tree is a poor idea and, while Apache doesn't stop you from
-> doing it, it is NOT appropriate for Apache to make that the easiest thing
-> to do by defaulting to loading the file from the same directory as the
-> .htaccess file containing the auth directive.

Well, Is there any possibility to change directory the file is searched in
by a directive ? I don't want to give users access to ServerRoot and even
tell them full path their web is located in.

Maybe making ServerRoot different for vhosts. Or creating new directive for
these thing
-- 
 Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
 Warning: I don't wish to receive spam to this address.
 Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
 REALITY.SYS corrupted. Press any key to reboot Universe.

Mime
View raw message