Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] apache mod_auth_digest

On Sun, 1 Apr 2007, Keith Bawden wrote:

2) Is it a security problem to put the .htdigest file in the same
private directory? The httpd.conf contains the following lines, but I
don't know if that's enough:

I generally keep all such files outside of the URI space of the web server. The last thing you want is web server to be serving up the file.

You could as you have mentioned tweak your config to "disallow" this.
However, I find keeping it out of the way in the first place easier.

It's also much more secure. "Human error" is a major factor in security problems, and so in any well designed security system a lot of work is put into not making it possible to secure something, but making it easy.

Curt Sampson       <>        +81 90 7737 2974

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links