[thelist] Root and .htaccess

Elias Griffin essenceblue at fastmail.fm
Mon Jul 21 19:01:42 CDT 2003


Hey guys and gals,

I have a question about best practices. I inheritied a website running
on a linux box using .htaccess files for site security. In the meantime
while a database driven username and password system is being developed
for this website I have a question about what would be best pratice of
the current system at this very second. Let me get specific. Currently,
we have a .htaccess file in the main directory of the site that points
to a users file containing all usernames and shadowed passwords. You add
users to this list by logging on to root and executing the _htpasswd_
command with the proper parameters. We then record the username and
password in an local excel file because of the users demand that we
reiterate their password in case they lose it instead of making new ones
as they tend to forget their passwords very often because of limited
use. 

New access requests for the site are about 4 requests per month.
Username and password retrieval is needed about once a month. The site
has about 80 users of which about 12 are regular users logging in about
an average of 3 times a week.

Now *as the current system is right now* would it be best practice for
me to have:

A) Limited number of people (or one) taking requests for new/changed
users, logging in as root (giving them root access) to the live
webserver, executing the scripts and updating the single local excel
file. 

B) Many people to seperately take new/changed requests, logging in as
root (giving them root access) to the live webserver, executing scripts
and updating the excel file on someone's workstation when a change is
made.

Believe me I know there are much better ways of handling site users and
security issues here and improvements to be made but I want to ask a
question about a point in time. *Now*... as the system stands which is
the best practice A or B?

Thanks for any responses (=
Essence Blue

The Essence extends life.
The Essence enhances prescient ability.
The Essence is essential to space travel.




More information about the thelist mailing list