28 May
2009
28 May
'09
2:46 a.m.
On Wed, May 27, 2009 at 05:36:19PM -0700, John R Pierce wrote:
I've generally stuck them in an app specific directory, if your website is all in /var/www, I'd probably stash them in a subdir of that.
Just don't stick them under htdocs; or if you do then ensure there's an access control to prevent the web server from sending the contents of .htpasswd to a requesting evil person.
--
rgds
Stephen