New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Web Design and Hosting Creating sites, scripting, and hosting discussions.

how secure is .htaccess


Post Reply New Thread Subscribe

 
Thread Tools
adamherb
Guest
 
Posts: n/a

I want to host a website with standard websharing that is in OS X. I have heard that there are some ways that are out there that are easy to bypass. I dont want that, and I want to be sure that nobody can get to it. I understand that it is never going to be toatally secure. I want to use the .htaccess type password folder securing so that the websites that i put in that folder are password protected. If i just stick the files that i want to share in that folder, and then put links on one of the pages to it, then will it be secure. I think that when someone wants to access that file that it will just ask for the password. Is there a way that i can make it so that the files can be viewed remotely, and that i dont have to put a link to every file.
1. What i want to know, is if .htaccess is secure, and not bypassable.
2. If i put one of the .html files into the folder, and then link to it, will my server just ask for the password.
3. Is there a way that the remote person can see the files that i have in the folder?

Thank you for any reading this long post.
QUOTE Thanks
xstep

 
xstep's Avatar
 
Member Since: Jun 25, 2005
Location: On the road
Posts: 3,231
xstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to all
Mac Specs: 2011 MBP, i7, 16GB RAM, MBP 2.16Ghz Core Duo, 2GB ram, Dual 867Mhz MDD, 1.75GB ram, ATI 9800 Pro vid

xstep is offline
The .htaccess file it self is as secure as the other content in the directory. So if your server supports using .htaccess to control logins, only those with a username and password should be able to get into the directory. A basic .htaccess for for this purpose looks like this;

AuthName "Some Name to Present the User"
AuthType Digest
AuthDigestFile /home/myname/passwords/myusers.htdigest
require valid-user

The AuthName line gives the user a clue where they are loging into to.

The AuthType is the type of encryption used for the password. Basic is not encrypted at all, while Digest is encrypted. If you can, you want to use Digest. Review the man page for htdigest which is the command used to create usernames with encrypted passwords.

The AuthDigestFile line is the file created via htdigest. It should not be in a directory readable by the world. On my public .com site hosted by a hosting service I place the file above the public_html directory where my web site is. I happen to know other users of the server could grab that file and try brute force methods to crack the passwords. But that is life. Nothing is totally secure. Since I am the only person accessing my other server at home, I know I'm the only one who can access the files. Given I doen't get cracked.

The require line says that to access the directory files, the user needs to login successfully.

When every I set this stuff up, I start up a browser from scatch and try the site. One thing I do is enter a URL for a specific file such as an image.

So...

Quote:
1. What i want to know, is if .htaccess is secure, and not bypassable.
As far as I know, as long as the web server or .htaccess file hasn't been cracked and properly working, it is not bypassable.

Quote:
2. If i put one of the .html files into the folder, and then link to it, will my server just ask for the password.
Yes, a box will come up asking for a username and password.

Quote:
3. Is there a way that the remote person can see the files that i have in the folder?
Only when logged it. If they can't enter a valid username/password, then they get an error to try again.
QUOTE Thanks

Post Reply New Thread Subscribe


« My page Needs improvement. Help! | website music player »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Secure Data Destruction whitey1285 OS X - Apps and Games 1 05-26-2005 05:21 PM
Flash Drive with secure drive software for OS X mynameis Other Hardware and Peripherals 0 04-24-2005 01:59 AM
Before Mac OS 10.4 - Secure Empty Trash msimonkey OS X - Operating System 6 02-10-2005 05:54 PM
How secure is the Mac...really? louisa OS X - Operating System 5 07-21-2004 12:56 AM
Secure Empty Trash AppleScript Brown Study OS X - Operating System 0 03-15-2004 03:10 PM

All times are GMT -4. The time now is 12:45 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?