On Sun, December 3, 2006 9:57 am, tedd wrote:
> At 10:35 PM +0100 12/2/06, Alain Roger wrote:
>>I'm working on .htaccess file for improving security.
>>Based on documentation from PHPSEC.org, we should be able to store
>>login and DB_PASS password in some secret-stuff (for example) file,
>> which
>>should be located outside root of web document root. (for example in
>> some
>>/path_to_secret folder)
> The "path_to_secret folder" thing -- I have a question about.
> I'm working with what a host provides me and I've seen paths that I
> can traverse/access and paths in a .htpacess file that I can't. For
> example, in one site I see a .htaccess file that contains:
> AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd
> But, the "_vit_pvt" folder is not apparent. I can't get to it -- is
> this a host file that only they can access, or is there a secret
> handshake I need to get to it, or what?

That's a bull-crap made-up directory reference that FrontPage or
something of that ilk added because everybody uses FrontPage, and
everybody uses their lame-brained "security" layout of weird directory

Replace it with a real AuthUserFile reference.


Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
Yeah, I get a buck. So?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to