How secure is .htaccess

Frode · #1 01-21-2006, 10:13 AM

I try to find topics in google on how secure htaccess really are.. but I can't fint anything to calm my worries. So how secure is .htaccess? Do anyone here now? I guess nothing is bullet proof, but I try to get close.

I use .htaccess and a php-login script. Tips on great and secure php login scripts is also greatful!

Have a nice day.

Frode

Serra · #2 01-21-2006, 12:36 PM

Quote:

Originally Posted by Frode

I try to find topics in google on how secure htaccess really are.. but I can't fint anything to calm my worries. So how secure is .htaccess? Do anyone here now? I guess nothing is bullet proof, but I try to get close.

I use .htaccess and a php-login script. Tips on great and secure php login scripts is also greatful!

Fairly secure. However, if a hacker is able to remove .htaccess, the directory becomes unlocked. Session security is much stronger.

Frode · #3 01-22-2006, 09:31 AM

So if I combine .htaccess and php login it will be good enough?
I guess if someone who is clever enough to break in to my site, they are probably clever enough to understand that my page is not that interesting

I found this version controll system:
http://www.rjk-hosting.co.uk/programs/prog.php?id=3
Where I have to upload the php files to a database. I think this is scary!

I have installed this script local on a seperat computer at home. But it would make it easier for me if I could use it on the server, but I am not sure how smart it is to upload the files to a server...

Frode

Serra · #4 01-22-2006, 10:35 AM

Quote:

Originally Posted by Frode

So if I combine .htaccess and php login it will be good enough?
I guess if someone who is clever enough to break in to my site, they are probably clever enough to understand that my page is not that interesting

I'm not sure what PHP login security is. It it is the type of security where you set it up in cPanel, then it is .htaccess powered. If it is session security, using the start_session() command in PHP, then it is not secure at all when you are talking about files. Session security can be used to prevent users from running PHP scripts, but it can not be used to secure files, such as image files. Users can still see image files.

If you are trying to protect files, then .htacess password protecting is about as good as you can get when you still need people to access files.

Frode · #5 01-22-2006, 12:15 PM

Hi again.
I have now created .htacces at my adminfolder.
But since the uploaded images is inside a child folder to the admin folder, the images won't show on my website, unless I type my username and password.
How do I get around this?

Frode

Serra · #6 01-22-2006, 07:34 PM

Quote:

Originally Posted by Frode

Hi again.
I have now created .htacces at my adminfolder.
But since the uploaded images is inside a child folder to the admin folder, the images won't show on my website, unless I type my username and password.
How do I get around this?

Correct, images in a subfolder of a password protected folder can not be accessed. You need to put your upload scripts in a different folder than the image folder tree. That way you can protect your scripts, but not the images.