Hey,

I really didn't know where to post this so apologies if it's in the wrong forum....

Anyways, .htaccess

I'm on a UNIX Apache server and I have 3 directories in my CGI-BIN folder which I need to have pwd access to....

Members for CYPWM PM's
One for a Poll system I'm running
One for an Interactive story I'm going to be running

And before using .htaccess files I have a few questions about them....

1) If under the worst circumstances someone was to ever change my .htaccess password would I still be able to override the .htaccess files by uploading some new ones thru my ftp ????

2) Does .htaccess apply pwd protection thru ftp to ???? Or is it simply for surfing the internet ????

3) If something ever went wrong with an .htaccess can I just delete it using ftp and everything would return to normal ????

4) Do I have to have telnet access to use .htaccess ???? Can I just use FTP (CuteFTP) ????

Thanks,

TotalNewbie

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by TotalNewbie on October 23, 2000 at 06:21 AM</font>

From my research on .htaccess files, I'm pretty sure that the following is true:

.htaccess files only affect access via HTTP requests, i.e., web surfing, so they have no effect on FTP or Telnet access.

.htaccess files are just normal files, so they can be uploaded or deleted using FTP.

It's possible for the server to be configured to ignore your .htaccess files.

If any of this is wrong, please correct it

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by Dave_L on October 24, 2000 at 05:22 AM</font>

Thanks for your reply Dave.

The only question I have left is do you have to have telnet access to your server to use .htaccess files as I believe you configure the password this way ???????????

TotalNewbie

Only thing i know you can set the Password once with those file and if you want another password you need new .htaccess file

Thus you can upload a new .htaccess file to your server to change the password.

I can upload a .htaccess file ony my server, but for extra protection I can only set users/passwords through telnet.

But, I've heard other ways of doing it, so it could be different for every server.
------------------
-david
<FONT size="1">Choose your future.
www.antipopculture.org </FONT s>

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by evil-empire on October 24, 2000 at 08:46 AM</font>

Here's a link I have on password-protection.
http://www.openup.com/justin/authentication/

It looks like the passwords in the .htpasswd file are encrypted using a Telnet command. If the Perl crypt() function is used for the encryption, it might be possible to set up the .htpassword file yourself, using a Perl script.

.htaccess files can be used for things other than password protection. For example, I use one to allow a Perl module directory to be accessed by scripts, but not accessed from web browsers.

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by Dave_L on October 27, 2000 at 04:53 AM</font>

Dave_L

what do you have to put in the .htaccess file to make it accessable by scripts but not from web based browsers, I want to protect my cgi_local directory.

DaveD:

In my case, it's sufficient for the .htaccess file to contain the single line:


If that doesn't work correctly on your server, you could try:


or



(where *.db would be replaced by the file type(s) you want to protect)

Here's another resource link: http://apachetoday.com/news_story.php3?ltsn=2000-07-19-002-01-NW-LF-SW

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by Dave_L on October 26, 2000 at 06:46 PM</font>

TotalNewbie et al:

While looking for something else, I came across this script, which sets up an .htpasswd file without Telnet:
http://www.croesusdesign.com/pass.html

<FONT COLOR="#6699cc" SIZE="1" FACE="Verdana, Arial">This message has been edited by Dave_L on October 27, 2000 at 04:53 AM</font>