Make sure that the .htpasswd file is BELOW the public files root. That way,
it can't be accessed through a browser, unless the person who has written
the file to try and read the .htpasswd has uploaded their file to the server
it resides on, and has permission to access that low level directory. They
can't read files in a directory route, unless they're in the directory: So
a URL reference won't work. If you've uploaded the .htpasswd to /www/admin
They could do an include for:
<?
include(http://www.yoursite.com/admin/.htpasswd);
?>
..................So:
/home/myfiles/.htpasswd
Rather than
/home/myfiles/publicwwwfiles/.htpasswd
Hope that's of some use to you.
James.
""Thor M. Steindorsson"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Should this be possible?
> I know this isn't an issue with php, but since I used php to do this, I
> figured maybe someone here has encountered the same thing, and knows how
to
> help.
> Is this something that can be fixed by making some changes on the linux
> server?
>
> By using this:
>
> <?
> echo "<pre>";
> include("/home/someuser/www/admin/.htaccess");
> echo "</pre>";
> ?>
>
> I can see what .htpasswd file is used, and then I can simply change the
code
> to display that particular password file, then take the encrypted
password,
> and decrypt it to gain access to that protected area.
>
> I have a feeling this is a permissions issue on the Linux server...
> Can anyone point me in the right direction with this?
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
