Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: .htpasswd location - absolute vs relative |
|
Author |
|
food monkey
Joined: 27 Aug 2010 Posts: 4 Location: Australia
|
Posted: Wed 01 Sep '10 14:57 Post subject: .htpasswd location - absolute vs relative |
|
|
in the forums it recommends putting the .htpasswd file above the documentroot directory. it seems that this would then require an absolute path.
if i'm on a webhosting service i don't have the luxury of setting docroot in the apache httpd.conf file.
i'm running wamp on my dev test box and hosting is running linux so i won't have any control over the absolute path to .htpasswd. i would doubt apache would let me enter a relative path that goes above the docroot dir.
am i missing something here?
oh and any recommendations on whether to use SHA1 or SHA2 for the password hash?
cheers guys (&gals). |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7368 Location: Germany, Next to Hamburg
|
Posted: Wed 01 Sep '10 15:20 Post subject: |
|
|
Relative paths can be used, but they can get quite complicated since they are relative to the ServerRoot.
For the encryption question see How Apache Encrypted Passwords really work |
|
Back to top |
|
food monkey
Joined: 27 Aug 2010 Posts: 4 Location: Australia
|
Posted: Wed 01 Sep '10 15:51 Post subject: |
|
|
yeh don't i know it. but surely the webhost would simply be using the redirect statement to divert any requests for my public web address to the directory space they've set up for me.
what's to stop me putting just an .htaccess file in that dir with a redirect to my "real" rootdir and putting the .htpasswd file in the aforementioned dir?
nobody would see that first directory and it wouldn't be in the directory tree of the website's docroot. |
|
Back to top |
|
|
|
|
|
|