ssword in
> plain text in the script that performs this. If anyone for any reason is
> able to take advantage of some kind of exploit that allows them to view
> the source of that file, you're toast. They get ahold of your FTP
> password and have free reign on your website.
&g
lot more damage than just removing password
> access to an area.
>
> Mike
>
> Serj wrote:
> > Im not exactly sure why that is worse, could you elaborate a little?
> > Josh
> >
> > On Fri, 3 May 2002, Miguel Cruz wrote:
> >
> >
> >>T
Im not exactly sure why that is worse, could you elaborate a little?
Josh
On Fri, 3 May 2002, Miguel Cruz wrote:
> Thus leaving the FTP account's password in view of the httpd, which is
> even worse...
>
> miguel
>
> On Fri, 3 May 2002, serj wrote:
> > You could
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May 2002, Mike Eheler wrote:
> It's possible, but is it really recommended? Wouldn't the
> .htaccess/.htpasswd file have to be owned by t
4 matches
Mail list logo
