Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: Hide Your Passwords!!

by tadman (Prior)
on Mar 06, 2001 at 04:06 UTC ( [id://62387]=note: print w/replies, xml ) Need Help??


in reply to Re: Best way to hide passwords.
in thread Best way to hide passwords.

Actually, the best thing, really the only thing to do is to make sure that your password file is not accessible from the Web at all! Don't put it in a directory that is served by Apache. Period.

There have been many historical cases of people downloading your standard-issue '.htpasswd' file and running crack on it, finding dozens of simple passwords such as 'bob/bob', 'joe/123' and many others that would surprise you. These 'hax0rz' can do many unpleasant things to your Web site, and if you're not careful, there might be some system accounts with the same password and login as on the site...well, you know what happens next.

So, if your script is running in "/site/www", put your data somewhere else, like "/site/data" which is not served by Apache.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://62387]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2024-03-28 23:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found