Im not exactly sure why that is worse, could you elaborate a little? Josh On Fri, 3 May 2002, Miguel Cruz wrote:
> Thus leaving the FTP account's password in view of the httpd, which is > even worse... > > miguel > > On Fri, 3 May 2002, serj wrote: > > You could use fopen() to connect to the file via ftp therefore keeping > > the .htaccess file owned by the user for increased security. > > > > Josh Boughner > > > > On Fri, 3 May 2002, Mike Eheler wrote: > > > > > It's possible, but is it really recommended? Wouldn't the > > > .htaccess/.htpasswd file have to be owned by the apache user, which > > > might leave it open to being overwritten by any kind of a > > > weak/exploitable script? > > > > > > Mike > > > > > > Josh & Valerie McCormack wrote: > > > > I've used the script phtaccess, which I think used the mentioned class. > > > > Super easy to use. > > > > > > > > Josh > > > > > > > >> On Wed, 1 May 2002, Kelly Meeks wrote: > > > >> > > > >>>> Is is possible to use php to admin a password file used by a > > > >>>> .htaccess file? > > > >>> > > > >>> > > > >> > > > >> You should check the File_Passwd class from PEAR. > > > >> > > > >> http://chora.php.net/cvs.php/php4/pear/File > > > >> > > > >> -- > > > >> Mika Tuupola http://www.appelsiini.net/~tuupola/ > > > >> > > > > > > > > > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
