

WebDAV Tutorial: a warning
Authored by: Elander on Jul 28, '02 10:38:33AM

You hit the nail there: the .htaccess file is publicly accessible. Not only that, it has to be read by the Apache server, so every user -- or scripts uploaded by users -- can read it. The "invisibility" offers no real protection; it only hides the file from Finder view. Unless you change the file permissions to exclude the Apache server from also altering the file, your system is wide open!

Using httpd.conf and a password file outside the server hierarchy is thus less unsafe. Unless you screw up the permissions yourself, of course... ;-D

In short: don't use ".htaccess" and be careful when you choose passwords and assign privileges!



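A check for the two conditions the comment above warns about, added here as an example and not part of the original post: it walks a served tree, reports every `.htaccess` the web server user could alter (directly or by replacing it in a directory it can write to), and reports a password file that sits inside the tree. The function names, the `web_uid` parameter and the sample tree are assumptions made for illustration; only owner and "other" write bits are checked, so group membership is ignored.

```python
import os
import stat
import tempfile

def audit_docroot(docroot, password_file, web_uid):
    """Return sorted (relative_path, finding) pairs for one served tree."""
    root = os.path.realpath(docroot)
    findings = []
    pw = os.path.realpath(password_file)
    # A password file under the document root can be fetched or overwritten.
    if os.path.commonpath([root, pw]) == root:
        findings.append((os.path.relpath(pw, root), "password file inside served tree"))
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        rel = os.path.relpath(path, root)
        findings.append((rel, ".htaccess inside served tree"))
        # Write access to the directory is enough to replace the file.
        for target, label in ((path, "file"), (dirpath, "directory")):
            st = os.stat(target)
            owner_w = st.st_uid == web_uid and st.st_mode & stat.S_IWUSR
            if owner_w or st.st_mode & stat.S_IWOTH:
                findings.append((rel, f"{label} writable by web server user"))
    return sorted(findings)

def demo():
    """Constructed sample tree: a DAV share holding .htaccess and .htpasswd."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "docroot", "dav")
        os.makedirs(share)
        for name in (".htaccess", ".htpasswd"):
            with open(os.path.join(share, name), "w") as fh:
                fh.write("# constructed sample\n")
        os.chmod(os.path.join(share, ".htaccess"), 0o644)
        os.chmod(share, 0o755)
        # Assumption for the demo: the web server runs as the current user.
        return audit_docroot(os.path.join(tmp, "docroot"),
                             os.path.join(share, ".htpasswd"), os.getuid())

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

An empty result for a share means no `.htaccess` was found in it and the password file resolves to a path outside the document root.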