|
|
|
Next: Apache: Add some description to my files
|
| Author |
Message |
External
Since: Mar 07, 2004
Posts: 4
|
(Msg. 1) Posted: Wed Mar 10, 2004 2:07 am
Post subject: .htaccess file for protecting user data and password files
Archived from groups: alt>apache>configuration (more info?)
|
|
|
Hello there,
I've got a cgi-bin directory with some scripts. In one users' folder
(users of a message board), plain text files contain info and passwords.
The .htaccess file for this folder/directory reads:
<Limit GET POST HEAD>
order deny,allow
deny from all
</Limit>
Is this sufficient to keep these files from being downloaded or otherwise
accessed outside of proper use of the board? Trying to grab any of these
files from a browser only results in a misconfiguration (500) error, but
I'm a little uncomfortable with this, as this does show that the files
exist.
Many thanks,
--
Swedey |
|
| Back to top |
|
 | |
External
Since: Nov 03, 2003
Posts: 2907
|
(Msg. 2) Posted: Wed Mar 10, 2004 11:50 am
Post subject: Re: .htaccess file for protecting user data and password files [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Swedey <swedey.DeleteThis@gmx.de> wrote:
> Is this sufficient to keep these files from being downloaded or otherwise
> accessed outside of proper use of the board?
Well, if you can't put them somewhere out of reach (in the conf directory
of the web server for example)...
Davide
--
| Reporter, n.: A writer who guesses his way to the truth and dispels
| it with a tempest of words. -- Ambrose Bierce, "The Devil's
| Dictionary"
|<!-- ~MESSAGE_AFTER~ --> |
|
| Back to top |
|
| |
External
Since: Oct 29, 2003
Posts: 8
|
(Msg. 3) Posted: Thu Mar 11, 2004 10:24 am
Post subject: Re: .htaccess file for protecting user data and password files [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hello Swedey,
maybe you can also use the method apache uses for the
..htaccess-files in the httpd.conf:
<Files ~ "^\[pattern]">
Order allow,deny
Deny from all
Satisfy All
</Files>
Greets, Marc
Swedey wrote:
> Hello there,
> I've got a cgi-bin directory with some scripts. In one users' folder
> (users of a message board), plain text files contain info and passwords.
>
> The .htaccess file for this folder/directory reads:
>
> <Limit GET POST HEAD>
> order deny,allow
> deny from all
> </Limit>
>
> Is this sufficient to keep these files from being downloaded or otherwise
> accessed outside of proper use of the board? Trying to grab any of these
> files from a browser only results in a misconfiguration (500) error, but
> I'm a little uncomfortable with this, as this does show that the files
> exist.
>
> Many thanks,<!-- ~MESSAGE_AFTER~ --> >> Stay informed about: .htaccess file for protecting user data and password files |
|
| Back to top |
|
| |
|
FAQ
Search
Profile
Private Messages
Log in/Register/Password
