logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: .htpasswd location - absolute vs relative
Author
food monkey



Joined: 27 Aug 2010
Posts: 4
Location: Australia

PostPosted: Wed 01 Sep '10 14:57    Post subject: .htpasswd location - absolute vs relative Reply with quote

in the forums it recommends putting the .htpasswd file above the documentroot directory. it seems that this would then require an absolute path.

if i'm on a webhosting service i don't have the luxury of setting docroot in the apache httpd.conf file.

i'm running wamp on my dev test box and hosting is running linux so i won't have any control over the absolute path to .htpasswd. i would doubt apache would let me enter a relative path that goes above the docroot dir.

am i missing something here?

oh and any recommendations on whether to use SHA1 or SHA2 for the password hash?

cheers guys (&gals).
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7368
Location: Germany, Next to Hamburg

PostPosted: Wed 01 Sep '10 15:20    Post subject: Reply with quote

Relative paths can be used, but they can get quite complicated since they are relative to the ServerRoot.

For the encryption question see How Apache Encrypted Passwords really work
Back to top
food monkey



Joined: 27 Aug 2010
Posts: 4
Location: Australia

PostPosted: Wed 01 Sep '10 15:51    Post subject: Reply with quote

yeh don't i know it. but surely the webhost would simply be using the redirect statement to divert any requests for my public web address to the directory space they've set up for me.

what's to stop me putting just an .htaccess file in that dir with a redirect to my "real" rootdir and putting the .htpasswd file in the aforementioned dir?

nobody would see that first directory and it wouldn't be in the directory tree of the website's docroot.
Back to top


Reply to topic   Topic: .htpasswd location - absolute vs relative View previous topic :: View next topic
Post new topic   Forum Index -> Apache