[CLUE-Tech] How safe is it?
Dusty Campbell
dmcambpe at ouray.cudenver.edu
Sat Nov 2 23:34:33 MST 2002
With Apache you should be able to htpasswd a directory so that no one
could get to it. You would just want to make sure that you put your
.users file somewhere not Internet accessible like above the html
directory.
Here is a link I quickly looked up on Apache's site explaining this
option:
http://httpd.apache.org/docs/howto/auth.html
I am not that advanced in PHP or Perl, but others should not be able to
see the source code for in either case since only the HTML is sent to
the browser. Unless you actually include important information in the
HTML. I have seen password protection using JavaScript. The password
was supplied in the HTML code itself. Still htpasswd would be the best
option.
--Dusty
On Sat, 2002-11-02 at 04:45, Roger Frank wrote:
> I want to have some content in my /var/www/html directory that
> has restricted access. How safe are these scenarios:
>
> 1. I put it there in a subdirectory with no link and an unlikely
> name, such as /var/www/html/t87mz3q/secret_stuff.
> (I question, for example, if httrack can be set to mirror
> everything, or if one can somehow get to the /var/www/html
> directory and do the equivalent of an `ls` command.)
>
> 2. I put it on a link, such as "Solutions to Student Labs", that
> is password protected, probably using a PHP intermediate page.
> (Here, I'm wondering what can be done with viewing the page
> source and following it. Are PHP or PERL or any password
> page/link protection schemes solid?)
>
> 3. Other scenarios that work, other than "Don't put the data there
> if you don't want it compromised".
>
> Many thanks.
>
> ---
> Roger Frank
> Ponderosa High School, Parker, CO
> www.rfrank.us
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list