28 May
2009
28 May
'09
1:07 a.m.
Stephen Harris wrote:
On Wed, May 27, 2009 at 05:36:19PM -0700, John R Pierce wrote:
I've generally stuck them in an app specific directory, if your website is all in /var/www, I'd probably stash them in a subdir of that.
Just don't stick them under htdocs; or if you do then ensure there's an access control to prevent the web server from sending the contents of .htpasswd to a requesting evil person.
pretty much every default httpd.conf I've ever seen has had a access control blocking */.ht*
but, i guess I hit send to soon, I didn't mean to put it in /var/www/httpd rather, in /var/www/somethingelse