Linux Passwords

onlyican · August 10, 2007

Hey all.

I am creating a website.

This website has multiple files, which are confidential and important, so need to be kept secure.

The files and the Website linking to the files are behind a Linux Password section.

(you know tha pop up which comes up asking you to enter your details)

How secure is this?

If not secure or anything, please give me a link showing why not.

effigy · August 10, 2007

Are you referring to Apache's Authentication?

onlyican · August 10, 2007

aye sorry, I just found that out when looking through the job

I have a spec sheet here, whcih mentions Review Linux Password Security.

After reading the website data, it is actually Apache Authentication (.htaccess / .htpasswd)

effigy · August 10, 2007

As long as the password files are outside of the document root you should be fine. For added security, use 600 permissions. This will only allow the apache user to read and write to the file.

steviewdr · August 13, 2007

effigy: I think .htaccess and .htpasswd files need to be 644 unless you can chown them to the apache user (which only root can do).

htaccess auth is ok on a dedicated server. On a shared server, htaccess auth does not provide much security, as it might be possible for other users to access files.

-steve

Sign In

Linux Passwords

Recommended Posts

onlyican

Link to comment

Share on other sites

effigy

Link to comment

Share on other sites

onlyican

Link to comment

Share on other sites

effigy

Link to comment

Share on other sites

steviewdr

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information