[lug] htpasswd security
Timothy C. Klein
teece at silverklein.net
Tue Mar 4 21:11:39 MST 2003
Hey all,
I run a web server (apache) on my home machine over DSL. I recently
realized it would be *very* convenient to allow access to certain stuff
at home over HTTP, as that is the only universal file transfer program
I find on campus. So I put some of the stuff there, and set up an
.htpasswd file in my home directory (above web root), and an .htaccess
file in the protected directory. Both files have a file mode of 0644. I
now have password access to the pages.
How secure is this method of access? If I had ssh and a Unix machine at
school, I would much rather use ssh, but as it stands it is damn
inconvenient. So this method is quite nice. So nice, that I am
pondering this: rather than go through the trouble of periodically
updating which files I put in ~/public_html, I may just symlink to the
directories where I keep work.
Will this leave my wide open in some non-obvious way? I am no web guru.
TIA,
Tim
PS -> There is nothing earth shattering on my machine, and currently
all I am interested in hosting privately (as much as is possible) is
homework, papers, and notes and such. Not really majorly sensitive, but
still private. The machine also runs a firewall, tripwire, etc. (with
the web port open, obviously.)
--
==============================================
== Timothy Klein || teece at silverklein.net ==
== http://i148.denver.dsl.forethought.net ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
More information about the LUG
mailing list