Don't chmod .htpasswd- _huge_ security risk... Will your server allow you to have suid scripts??? If so, you can just write a little wrapper and make it suid. If you do that, I'd also reccomend using an extension other than PHP, and/or placing it outside your web root. Wouldn't want people adding themselves...
I'd reccomend not using .htaccess at all, and just whip up a system using a real database, wth the real work done in PHP. htaccess just isn't designed to be dynamic. On Wednesday 22 January 2003 06:56 pm, Kris wrote: > Hi > > I've built a secure site. After the user has chosen a valid username and > password I want my script to run htpasswd on the .htpasswd file in the > directory. The script can run htpasswd as it doesn't have permission. > What is the safest way to do this? > Should I chmod htpasswd or is there a better option for this whole thing?? > > Thanks > > Kris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
