onlyican, Posted August 10, 2007

Hey all. I am creating a website. This website has multiple files, which are confidential and important, so need to be kept secure. The files and the website linking to the files are behind a Linux Password section (you know, the pop-up which comes up asking you to enter your details). How secure is this? If not secure or anything, please give me a link showing why not.

effigy, Posted August 10, 2007

Are you referring to Apache's Authentication?

onlyican, Posted August 10, 2007

Aye, sorry, I just found that out when looking through the job. I have a spec sheet here, which mentions Review Linux Password Security. After reading the website data, it is actually Apache Authentication (.htaccess / .htpasswd).

effigy, Posted August 10, 2007

As long as the password files are outside of the document root you should be fine. For added security, use 600 permissions. This will only allow the apache user to read and write to the file.

steviewdr, Posted August 13, 2007

effigy: I think .htaccess and .htpasswd files need to be 644 unless you can chown them to the apache user (which only root can do). htaccess auth is ok on a dedicated server. On a shared server, htaccess auth does not provide much security, as it might be possible for other users to access files.

-steve
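
An added example, not part of any post in this thread: a POSIX shell check for the two points the replies raise, whether the password file sits outside the document root and which permission bits are set on it. The function names, finding labels and the temp-directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit where an Apache password file lives and who can touch it.
# audit_htpasswd DOCROOT PASSWD_FILE prints one finding per line (no output = clean).

canon_dir() { (cd "$1" 2>/dev/null && pwd -P); }   # resolve symlinks in a directory path

audit_htpasswd() {
    root=$(canon_dir "$1") || { echo "NO_DOCROOT"; return 0; }
    [ -f "$2" ] || { echo "NO_FILE"; return 0; }
    fdir=$(canon_dir "$(dirname "$2")")

    # Inside the document root the file can be fetched over HTTP unless a
    # separate deny rule covers it. The trailing slash keeps /var/www from
    # matching a sibling such as /var/www-private.
    case "$fdir/" in
        "$root"/*) echo "INSIDE_DOCROOT" ;;
    esac

    # find -perm -NNN is true when every listed bit is set on the file.
    [ -n "$(find "$2" -prune -perm -004)" ] && echo "WORLD_READABLE"
    [ -n "$(find "$2" -prune -perm -002)" ] && echo "WORLD_WRITABLE"
    [ -n "$(find "$2" -prune -perm -020)" ] && echo "GROUP_WRITABLE"
    return 0
}

# Constructed demo layout (hypothetical paths under a temp dir).
demo() {
    d=$(mktemp -d) && mkdir "$d/htdocs" "$d/private"
    : > "$d/htdocs/.htpasswd";  chmod 644 "$d/htdocs/.htpasswd"
    : > "$d/private/.htpasswd"; chmod 600 "$d/private/.htpasswd"
    echo "in docroot, mode 644:";      audit_htpasswd "$d/htdocs" "$d/htdocs/.htpasswd"
    echo "outside docroot, mode 600:"; audit_htpasswd "$d/htdocs" "$d/private/.htpasswd"
    rm -rf "$d"
}
demo
```

A file that has to stay at 644 so Apache can read it is reported as WORLD_READABLE, which is the shared-server exposure the last reply describes.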