[CentOS] Where to put .htpasswd
John R Pierce
pierce at hogranch.com
Thu May 28 01:07:24 UTC 2009
Stephen Harris wrote:
> On Wed, May 27, 2009 at 05:36:19PM -0700, John R Pierce wrote:
>
>> I've generally stuck them in an app specific directory, if your website
>> is all in /var/www, I'd probably stash them in a subdir of that.
>>
>
> Just don't stick them under htdocs; or if you do then ensure there's an
> access control to prevent the web server from sending the contents of
> .htpasswd to a requesting evil person.
>
pretty much every default httpd.conf I've ever seen has had a access
control blocking */.ht*
but, i guess I hit send to soon, I didn't mean to put it in
/var/www/httpd rather, in /var/www/somethingelse
More information about the CentOS
mailing list