[lug] htpasswd security

Timothy C. Klein teece at silverklein.net
Tue Mar 4 21:11:39 MST 2003


Hey all,

I run a web server (apache) on my home machine over DSL. I recently
realized it would be *very* convenient to allow access to certain stuff
at home over HTTP, as that is the only universal file transfer program
I find on campus. So I put some of the stuff there, and set up an
.htpasswd file in my home directory (above web root), and an .htaccess
file in the protected directory. Both files have a file mode of 0644. I
now have password access to the pages.

How secure is this method of access?  If I had ssh and a Unix machine at
school, I would much rather use ssh, but as it stands it is damn
inconvenient.  So this method is quite nice.  So nice, that I am
pondering this:  rather than go through the trouble of periodically
updating which files I put in ~/public_html, I may just symlink to the
directories where I keep work.

Will this leave me wide open in some non-obvious way?  I am no web guru.

TIA,
Tim

PS -> There is nothing earth shattering on my machine, and currently
all I am interested in hosting privately (as much as is possible) is
homework, papers, and notes and such. Not really majorly sensitive, but
still private. The machine also runs a firewall, tripwire, etc. (with
the web port open, obviously.)

--
==============================================
==  Timothy Klein || teece at silverklein.net  ==
==  http://i148.denver.dsl.forethought.net  ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
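
Added example, not part of the original post: a small Python audit of the setup described above. It checks where the password file sits and what mode it has, and lists symlinks under the web root that resolve outside it. The directory layout, the placeholder hash and the names `inside`, `audit` and `demo` are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def inside(path, root):
    """True if path is root itself or lies below it."""
    return os.path.commonpath([path, root]) == str(root)


def audit(docroot, htpasswd):
    """Return (finding, path) tuples for a Basic-auth setup like the one described."""
    docroot, htpasswd = Path(docroot).resolve(), Path(htpasswd).resolve()
    findings = []
    # A password file under the web root could be fetched over HTTP.
    if inside(htpasswd, docroot):
        findings.append(("htpasswd-in-docroot", str(htpasswd)))
    # Mode 0644 sets the "other" read bit: every local account can read the hashes.
    if stat.S_IMODE(htpasswd.stat().st_mode) & stat.S_IROTH:
        findings.append(("htpasswd-world-readable", str(htpasswd)))
    # A symlink that resolves outside the web root publishes everything under
    # its target whenever Apache is allowed to follow it.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in sorted(dirnames + filenames):
            entry = Path(dirpath) / name
            if entry.is_symlink() and not inside(entry.resolve(), docroot):
                findings.append(("symlink-leaves-docroot", str(entry)))
    return findings


def demo():
    """Constructed layout mirroring the post: ~/.htpasswd at 0644, symlink to ~/work."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp).resolve()
        docroot, work = home / "public_html", home / "work"
        (docroot / "private").mkdir(parents=True)
        work.mkdir()
        pw = home / ".htpasswd"
        pw.write_text("tim:CONSTRUCTED-PLACEHOLDER-HASH\n")
        pw.chmod(0o644)
        (docroot / "private" / "work").symlink_to(work, target_is_directory=True)
        return [kind for kind, _ in audit(docroot, pw)]


if __name__ == "__main__":
    print(demo())
```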


