[thelist] .htaccess

Anthony Baratta Anthony at Baratta.com
Thu May 31 22:33:01 CDT 2001


At 08:10 PM 5/31/2001, you wrote:
>On 31 May 2001, at 20:51, Warden, Matt posted a message which said:
>
> > > What do I need to add to my .htaccess file to stop people being
> > > able to read my .htpasswd file through the browser?
>
> > Nothing really. Simply store your .htpasswd file below the site root.
>
>That sorta defeats the purpose of an .htaccess file. If it's not in the
>htdocs tree, it doesn't function as an .htaccess file.

The point is you shouldn't have the PASSWORD file in the web tree at all. I 
never put the .htpasswd file in any directory accessible as content by the 
web server. So even if they could pull the .htaccess file via the browser, 
it doesn't gain them anything.
---
Anthony Baratta
President
Keyboard Jockeys





More information about the thelist mailing list