Preserved Topic: Proper chmod for .htaccess and .htpasswd |
|
---|---|
Author | Thread |
Nervous Wreck (II) Inmate From: |
posted 03-17-2001 20:08
I recently set up a password-protected page and custom error page on my site, but the problem is the htaccess and htpasswd files can be publicly viewed. Following the FAQ at http://www.panix.com/corp-web/faq/htaccess.html I set .htaccess to chmod 644 and the .htpasswd to chmod 604 but it's still publicly viewable. Other combinations of chmods I've tried disable both server and user access. Anyone know the right chmod mode to use for both the files so that the server will execute or view them but internet users won't be able to view the contents? I doubt it has anything to do with the host, Hypermart. |
Nervous Wreck (II) Inmate From: |
posted 03-17-2001 20:22
Also, is there any particular chmod I should use for the directory, or should I use the default chmod 755? |
Maniac (V) Mad Scientist From: Belgrade, Serbia |
posted 03-17-2001 22:59
Actually, setting file permissions is not the proper way to hide those files. Most web servers won't show files that begin with ".ht*" (Apache is configured like this by default), but since you can view those files, Hypermart probably configured their servers differently. So, my suggestion is to take a look at Hypermart's FAQ (if they have any). Also, you can try adding this to your .htaccess file: |
Nervous Wreck (II) Inmate From: |
posted 03-18-2001 04:49
Thanks. I tried it and it works perfectly without a flaw. I really appreciate your help. |
Nervous Wreck (II) Inmate From: Ontario |
posted 03-25-2001 02:22
There are actually two problems here. The first was what max said, to prevent people from viewing the files through apache. You can't stop that by changing the file permissions, because apache has to be able to read those files, and if apache can read them, everyone on the web can. So, max solved your problem with internet users seeing those files, problem being, everyone still has permissions on those files, and therefore anyone else with an account on that server can look at them. You should chown your .htpasswd and .htaccess to you.apache, where you is your username and apache is the group apache is running as, then chmod 740 it. Very basic permissions lesson for you: the first number is the owner's permission, the second number is the group's permission and the third number is everyone else on the system's permissions. You want to make you have full permissions, apache's group have only read permissions, and everyone else have nothing. |
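
An added example, not part of the thread: a small POSIX shell audit that reads the owner/group/other bits described in the post above and flags a .htaccess or .htpasswd that other accounts on the server can access. It checks mode bits only, not which user or group owns the file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit .htaccess/.htpasswd mode bits (owner / group / other).

# Print the nine permission characters of a file, e.g. rwxr-----
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Check one file. Returns 0 when "other" has no access and the group
# cannot write; returns 1 otherwise.
check_ht_file() {
    f=$1
    [ -e "$f" ] || { echo "MISSING $f"; return 1; }
    perms=$(perm_string "$f")
    group=$(printf '%s' "$perms" | cut -c4-6)
    other=$(printf '%s' "$perms" | cut -c7-9)
    status=0
    if [ "$other" != "---" ]; then
        echo "FAIL $f ($perms): other accounts on the server have access"
        status=1
    fi
    case $group in
        ?w?) echo "FAIL $f ($perms): group can modify the file"; status=1 ;;
    esac
    case $group in
        r??) : ;;
        *) echo "WARN $f ($perms): group cannot read, web server may be locked out" ;;
    esac
    [ "$status" -eq 0 ] && echo "OK   $f ($perms)"
    return "$status"
}

# Check both files in a directory; the return value is the number of failures.
audit_ht_dir() {
    dir=$1
    failures=0
    for name in .htaccess .htpasswd; do
        check_ht_file "$dir/$name" || failures=$((failures + 1))
    done
    return "$failures"
}

# Stand-alone use: sh audit.sh /path/to/protected/dir
if [ "$#" -gt 0 ]; then audit_ht_dir "$1"; fi
```

With the modes from the first post (644 and 604) both files are reported as FAIL; after chmod 740 both are reported as OK.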
Maniac (V) Mad Scientist From: Belgrade, Serbia |
posted 03-25-2001 06:18 |