Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'you mean the password file?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
you mean the password file?
Authored by: jima on Jul 28, '02 05:18:32AM
Yes, it's a bad idea to have the password file in a publicly accessable directory, but the .htaccess has to be there to protect the directory (unless you do it in the httpd.conf). So on OS X a safer place to put the password file is in /Library/Webserver. Just don't put it anywhere in /Libabry/Webserver/Documents. Use this to create a new password file called .htpasswd:
htpasswd -c /Library/Webserver/.htpasswd username
And to add new users just remove the "-c". Also it's a good idea to prepend a dot (".") to your password file name so that they are hidden. Note that the way Elander described this part in his tutorial is much better -- not only is the password file in a non-readible directory, but instead of using a .htaccess file it's was done in the httpd.conf. I don't know if it's more secure not using the .htaccess file, but I do know that it's MUCH faster. Still you should use hidden names for the password files. Jima

[ Reply to This | # ]
Ignore above: posted in wrong place
Authored by: jima on Jul 28, '02 05:30:03AM

this was meant to to be a reply to Elander's "WebDAV Tutorial: a warning"

so sorry :)



[ Reply to This | # ]