[CentOS] Where to put .htpasswd

Thu May 28 01:07:24 UTC 2009
John R Pierce <pierce at hogranch.com>

Stephen Harris wrote:
> On Wed, May 27, 2009 at 05:36:19PM -0700, John R Pierce wrote:
>   
>> I've generally stuck them in an app specific directory, if your website 
>> is all in /var/www, I'd probably stash them in a subdir of that.
>>     
>
> Just don't stick them under htdocs; or if you do then ensure there's an
> access control to prevent the web server from sending the contents of
> .htpasswd to a requesting evil person.
>   

pretty much every default httpd.conf I've ever seen has had a access 
control blocking */.ht*

but, i guess I hit send to soon, I didn't mean to put it in 
/var/www/httpd   rather, in /var/www/somethingelse