Results 1 to 2 of 2
  1. #1
    adamherb
    Guest
    how secure is .htaccess
    I want to host a website with standard websharing that is in OS X. I have heard that there are some ways that are out there that are easy to bypass. I dont want that, and I want to be sure that nobody can get to it. I understand that it is never going to be toatally secure. I want to use the .htaccess type password folder securing so that the websites that i put in that folder are password protected. If i just stick the files that i want to share in that folder, and then put links on one of the pages to it, then will it be secure. I think that when someone wants to access that file that it will just ask for the password. Is there a way that i can make it so that the files can be viewed remotely, and that i dont have to put a link to every file.
    1. What i want to know, is if .htaccess is secure, and not bypassable.
    2. If i put one of the .html files into the folder, and then link to it, will my server just ask for the password.
    3. Is there a way that the remote person can see the files that i have in the folder?

    Thank you for any reading this long post.

  2. #2

    xstep's Avatar
    Member Since
    Jun 25, 2005
    Location
    On the road
    Posts
    3,231
    Specs:
    2011 MBP, i7, 16GB RAM, MBP 2.16Ghz Core Duo, 2GB ram, Dual 867Mhz MDD, 1.75GB ram, ATI 9800 Pro vid
    The .htaccess file it self is as secure as the other content in the directory. So if your server supports using .htaccess to control logins, only those with a username and password should be able to get into the directory. A basic .htaccess for for this purpose looks like this;

    AuthName "Some Name to Present the User"
    AuthType Digest
    AuthDigestFile /home/myname/passwords/myusers.htdigest
    require valid-user

    The AuthName line gives the user a clue where they are loging into to.

    The AuthType is the type of encryption used for the password. Basic is not encrypted at all, while Digest is encrypted. If you can, you want to use Digest. Review the man page for htdigest which is the command used to create usernames with encrypted passwords.

    The AuthDigestFile line is the file created via htdigest. It should not be in a directory readable by the world. On my public .com site hosted by a hosting service I place the file above the public_html directory where my web site is. I happen to know other users of the server could grab that file and try brute force methods to crack the passwords. But that is life. Nothing is totally secure. Since I am the only person accessing my other server at home, I know I'm the only one who can access the files. Given I doen't get cracked.

    The require line says that to access the directory files, the user needs to login successfully.

    When every I set this stuff up, I start up a browser from scatch and try the site. One thing I do is enter a URL for a specific file such as an image.

    So...

    1. What i want to know, is if .htaccess is secure, and not bypassable.
    As far as I know, as long as the web server or .htaccess file hasn't been cracked and properly working, it is not bypassable.

    2. If i put one of the .html files into the folder, and then link to it, will my server just ask for the password.
    Yes, a box will come up asking for a username and password.

    3. Is there a way that the remote person can see the files that i have in the folder?
    Only when logged it. If they can't enter a valid username/password, then they get an error to try again.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Web developing, Htaccess
    By patrickv in forum Web Design and Hosting
    Replies: 9
    Last Post: 03-20-2011, 05:44 AM
  2. .htaccess headaches
    By bexxy in forum Web Design and Hosting
    Replies: 6
    Last Post: 09-12-2009, 07:11 PM
  3. htaccess configuration
    By frisbeefodder in forum Web Design and Hosting
    Replies: 2
    Last Post: 06-03-2008, 07:47 PM
  4. MAMP and htaccess
    By roggnroll in forum Web Design and Hosting
    Replies: 8
    Last Post: 01-14-2007, 05:36 AM
  5. Working with .htaccess files
    By vickers in forum Web Design and Hosting
    Replies: 11
    Last Post: 12-03-2006, 12:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •