Being that the files are owned by their respective users, I would imagine
that would make it pretty difficult for the .htaccess file to be
overwritten. If someone found a way to overwrite the file, couldn't that
person overwrite any file owned by the ftp user anyway? Also I don't see
how someon
Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] php/.htaccess/.htpasswd
>
> You could use fopen() to connect to the file via ftp therefore keeping
> the .htaccess file owned by the user for increased security.
>
> Josh Boughner
>
> On Fri, 3 May 2002, Mike Eheler wrote:
>
If someone can overwrite your .htaccess there's a chance they can also
view files through the same exploit (possibly). They could then get your
FTP login info, and do a lot more damage than just removing password
access to an area.
Mike
Serj wrote:
> I'm not exactly sure why that is worse, cou
You also can't overwrite files using the fopen() method. You'd need to
FTP in, then delete the file, then fopen() it.. or just do the whole
thing in one FTP session (write to a temp file, upload it, erase the
temp file).
Mike
Miguel Cruz wrote:
> Thus leaving the FTP account's password in vie
I'm not exactly sure why that is worse, could you elaborate a little?
Josh
On Fri, 3 May 2002, Miguel Cruz wrote:
> Thus leaving the FTP account's password in view of the httpd, which is
> even worse...
>
> miguel
>
> On Fri, 3 May 2002, serj wrote:
> > You could use fopen() to connect to the
Thus leaving the FTP account's password in view of the httpd, which is
even worse...
miguel
On Fri, 3 May 2002, serj wrote:
> You could use fopen() to connect to the file via ftp therefore keeping
> the .htaccess file owned by the user for increased security.
>
> Josh Boughner
>
> On Fri, 3
You could use fopen() to connect to the file via ftp therefore keeping
the .htaccess file owned by the user for increased security.
Josh Boughner
On Fri, 3 May 2002, Mike Eheler wrote:
> It's possible, but is it really recommended? Wouldn't the
> .htaccess/.htpasswd file have to be owned by t
It's possible, but is it really recommended? Wouldn't the
.htaccess/.htpasswd file have to be owned by the apache user, which
might leave it open to being overwritten by any kind of a
weak/exploitable script?
Mike
Josh & Valerie McCormack wrote:
> I've used the script phtaccess, which I think
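The ownership concern raised in the message above can be checked from the web server's side. The following is an added example, not code from the thread or from any script it mentions: it reports whether the account running PHP could modify or replace `.htaccess`/`.htpasswd` in a directory. The function name `audit_access_files` and the default directory are assumptions.

```php
<?php
// Added example (not from the thread). Run it as the account the web
// server uses, so the answers reflect what a vulnerable script could do.

function audit_access_files(string $dir, array $names = ['.htaccess', '.htpasswd']): array
{
    $euid = function_exists('posix_geteuid') ? posix_geteuid() : null;
    $findings = [];

    // Write permission on the directory lets this process delete and
    // re-create a file even when the file itself is read-only
    // (unless the directory has the sticky bit set).
    $dirWritable = is_writable($dir);

    foreach ($names as $name) {
        $path = rtrim($dir, '/') . '/' . $name;
        if (!file_exists($path)) {
            continue;
        }
        clearstatcache(true, $path);
        $mode   = fileperms($path) & 0777;
        $owner  = fileowner($path);
        $issues = [];
        if ($euid !== null && $owner === $euid) {
            $issues[] = 'owned by the account running PHP';
        }
        if (is_writable($path)) {
            $issues[] = 'writable by the account running PHP';
        }
        if ($mode & 0002) {
            $issues[] = 'world-writable';
        }
        if ($dirWritable) {
            $issues[] = 'parent directory writable (file can be replaced)';
        }
        $findings[$path] = ['mode' => sprintf('%04o', $mode), 'owner' => $owner, 'issues' => $issues];
    }
    return $findings;
}

// Directory to audit: first CLI argument, else this script's directory (assumption).
$dir = $argv[1] ?? __DIR__;
foreach (audit_access_files($dir) as $path => $f) {
    printf("%s mode=%s uid=%d\n", $path, $f['mode'], $f['owner']);
    foreach ($f['issues'] as $issue) {
        echo "  - $issue\n";
    }
    if (!$f['issues']) {
        echo "  ok: not modifiable by this process\n";
    }
}
```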
I've used the script phtaccess, which I think used the mentioned class.
Super easy to use.
Josh
>On Wed, 1 May 2002, Kelly Meeks wrote:
>
>>> Is it possible to use php to admin a password file used by a .htaccess file?
>>
>
> You should check the File_Passwd class from PEAR.
>
> htt
On Wed, 1 May 2002, Kelly Meeks wrote:
> Is it possible to use php to admin a password file used by a .htaccess file?
You should check the File_Passwd class from PEAR.
http://chora.php.net/cvs.php/php4/pear/File
--
Mika Tuupola http://www.appelsiini.net/~t
Yes, it's certainly possible. There are classes out there that manage
.htaccess permissions for you and provide a web interface to do it. The
scripts will write the appropriate .htaccess files based on what you choose
to do.
Search hotscripts.com or phpclasses.org for one of them.
The passwords