[CentOS] Apache Authorization Access Control - location of, htpasswd in Centos 5.1

Mon Apr 7 01:47:31 UTC 2008
Pam Astor <pamastor at hotmail.com>

> It sounds like you are very used to the 'Windows' way of doing things.> I don't recommend creating a directory in the root filesystem for this> purpose. Its a bad idea, and not even a good idea in Windows.> > Is there any real need to deny outsiders access to your genealogy site?> You would probably get much help from outsiders (long-forgotten 2nd> cousins etc) who stumble upon your site.
Yes you are probabally right, just curious though about using apache 
access control for a site, never did it before, maybe at some point I'll have
a use for it.  Question though, if my permissions are set properly, to maybe 555 or 644 and
the directories are owned by apache, then does it really matter where the
directory is?  Or is it much easier to hack if it's in the root file system?  If so,
why is it easier to hack?
> > This solution you are wanting, is not often used because of its> inflexibility. I only see it used by extreme noobs, wanting to> password-protect an area of their site. While family members will have> their interest piqued by having access to a 'secret' site, their> interest may wane at the annoyance of having to enter a user/password> each time and 'disappear' once the initial novelty wears off.
You are prob. correct there. I guess the only reason why I thought
a password protected site would be a good idea, is because I am using
phpgedview, and names are viewable and anyone can edit it who has a phpgedview account.
I figured that people still living who want to add their personal infomration to the
family tree might be less likely to do so if they think their names and personal info
are publically view able.
> If you are wanting 'security through obscurity', an even quicker> solution is simply to place an index.html file in your web> directory /var/www/html> This will stop a casual user from browsing and getting a listing of> files at your site, since they will get a blank page if they go to> www.yoursite.com> Now add a directory (say) /familygenealogy2 and put all your genealogy> web files in this directory.> So for any member of your family to browse the site, they just need to> point the browser to (and bookmark) www.yoursite.com/familygenealogy2> and once there. can browse any file you have placed.> This will have the same security as requiring a user/password, since> no-one can see the files unless they know the> directory /familygenealogy2 exists.> I really, really would choose this solution, rather than a single> user/password.
Your secirity through obscurity idea is a good one for static pages,
but my hope is that other distant family members will want to add their info
and that maybe they would be hesitant to do so if they think others on the 
net can see it.  I have a robots.txt User-Agent: *Disallow: / file, but don't some search engines still ignore them?
Anyway maybe I am just overly concerned about this privacy thing.
Get in touch in an instant. Get Windows Live Messenger now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080406/e38ed2f0/attachment-0005.html>