www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject Re: mod_auth-any/8698: htpasswd file location
Date Sun, 11 Nov 2001 19:56:26 GMT
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

Synopsis: htpasswd file location

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Sun Nov 11 11:56:25 PST 2001
While you may not "want to" give them access to any non-web accessible directory to store
sensitive information that shouldn't be accessible via HTTP requests, that doesn't change
the fact that storing them inside the document tree is a poor idea and, while Apache doesn't
stop you from doing it, it is NOT appropriate for Apache to make that the easiest thing to
do by defaulting to loading the file from the same directory as the .htaccess file containing
the auth directive.

View raw message