Well, that doesn't really apply, since I can also use
/etc/httpd/conf/httpd.conf
as an include file and it displays perfectly...
-----Original Message-----
From: James, Yz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 08, 2001 1:54 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] security help
In addition,
(if using .htaccess) They would only be able to read the .htpasswd from a
public directory if they had first authorised themselves. The browser will
prompt them to identify before it allows files from a protected directory to
be included.
J.
> Make sure that the .htpasswd file is BELOW the public files root. That way,
> it can't be accessed through a browser, unless the person who has written
> the file to try and read the .htpasswd has uploaded their file to the server
> it resides on, and has permission to access that low level directory. They
> can't read files in a directory route, unless they're in the directory: So
> a URL reference won't work. If you've uploaded the .htpasswd to /www/admin,
> they could do an include for:
>
> <?
> include("http://www.yoursite.com/admin/.htpasswd");
> ?>
>
> ..................So:
>
> /home/myfiles/.htpasswd
>
> Rather than
>
> /home/myfiles/publicwwwfiles/.htpasswd
>
> Hope that's of some use to you.
> James.
>
> "Thor M. Steindorsson" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Should this be possible?
> > I know this isn't an issue with php, but since I used php to do this, I
> > figured maybe someone here has encountered the same thing, and knows how to
> > help.
> > Is this something that can be fixed by making some changes on the linux
> > server?
> >
> > By using this:
> >
> > <?
> > echo "<pre>";
> > include("/home/someuser/www/admin/.htaccess");
> > echo "</pre>";
> > ?>
> >
> > I can see what .htpasswd file is used, and then I can simply change the code
> > to display that particular password file, then take the encrypted password,
> > and decrypt it to gain access to that protected area.
> >
> > I have a feeling this is a permissions issue on the Linux server...
> > Can anyone point me in the right direction with this?
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
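
Added example, not part of the original thread: a small audit that finds the password file each .htaccess names through Apache's AuthUserFile directive and reports whether it sits inside the web root or is readable by every local account, the two conditions the messages above discuss. The function names and the temporary directory layout are constructed for illustration, and it assumes AuthUserFile is given as an absolute path.

```python
import os
import re
import stat
import tempfile
# AuthUserFile is the Apache directive that names the password file.
AUTH_RE = re.compile(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', re.I | re.M)

def audit_docroot(docroot):
    """Return (htaccess, password_file, problems) for each AuthUserFile found."""
    docroot = os.path.realpath(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        htaccess = os.path.join(dirpath, ".htaccess")
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for pwfile in AUTH_RE.findall(text):
            real = os.path.realpath(pwfile)
            problems = []
            # Inside the web root: reachable by URL as well as by path.
            if os.path.commonpath([docroot, real]) == docroot:
                problems.append("inside-docroot")
            # World-readable: the file mode lets any local account read it.
            if os.path.exists(real) and os.stat(real).st_mode & stat.S_IROTH:
                problems.append("world-readable")
            findings.append((htaccess, real, problems))
    return findings

def demo():
    """Constructed layout mirroring the paths discussed in the thread."""
    base = os.path.realpath(tempfile.mkdtemp())
    pub = os.path.join(base, "publicwwwfiles")
    admin = os.path.join(pub, "admin")
    os.makedirs(admin)
    bad = os.path.join(admin, ".htpasswd")    # under the web root, mode 644
    good = os.path.join(base, ".htpasswd")    # outside the web root, mode 600
    for path, mode in ((bad, 0o644), (good, 0o600)):
        with open(path, "w") as fh:
            fh.write("user:constructed-hash\n")
        os.chmod(path, mode)
    with open(os.path.join(admin, ".htaccess"), "w") as fh:
        fh.write(f"AuthType Basic\nAuthUserFile {bad}\n")
    with open(os.path.join(pub, ".htaccess"), "w") as fh:
        fh.write(f'AuthUserFile "{good}"\n')
    return {pw: probs for _ht, pw, probs in audit_docroot(pub)}, bad, good

if __name__ == "__main__":
    print(demo())
```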