Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Re: Best way to hide passwords.

by dws (Chancellor)
on Mar 06, 2001 at 03:49 UTC ( [id://62384]=note: print w/replies, xml ) Need Help??


in reply to Best way to hide passwords.

If you're using Apache, put the file containing the password in a subdirectory, and add the following .htaccess file to that directory: 
Order deny,all
Deny from all

[download]
Voila! Nobody sees it.

The only risk you have is that if one day you munge the .htaccess, the directory will be visible. tadman's advice below is sounder in that regard.

Replies are listed 'Best First'.
Re: Hide Your Passwords!!
by tadman (Prior) on Mar 06, 2001 at 04:06 UTC
    Actually, the best thing, really the only thing to do is to make sure that your password file is not accessible from the Web at all! Don't put it in a directory that is served by Apache. Period.

    There have been many historical cases of people downloading your standard-issue '.htpasswd' file and running crack on it, finding dozens of simple passwords such as 'bob/bob', 'joe/123' and many others that would surprise you. These 'hax0rz' can do many unpleasant things to your Web site, and if you're not careful, there might be some system accounts with the same password and login as on the site...well, you know what happens next.

    So, if your script is running in "/site/www", put your data somewhere else, like "/site/data" which is not served by Apache.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://62384]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2024-04-25 23:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found