https://www.webmaster-forums.net/crss/node/1038396 en https://www.webmaster-forums.net/webmasters-corner/members-area-0#comment-1219075 <p>Thanks for the suggestions as to whether it's the best method or not. In my opinion, it has to be the best method as it's quick, secure and <em>should</em> be possible without learning any extra PHP, Perl etc.</p> <p>Does anybody care to hazard a guess as to where the problem may lie?</p> Thu, 10 May 2007 22:32:14 +0000 Steevo comment 1219075 at https://www.webmaster-forums.net https://www.webmaster-forums.net/webmasters-corner/members-area-0#comment-1219074 <p>I use it without a problem. I know that there was a security issue with .htaccess &amp; .htpasswd files generated by FrontPage, but that's all I know of.</p> Thu, 10 May 2007 22:15:36 +0000 pr0gr4mm3r comment 1219074 at https://www.webmaster-forums.net https://www.webmaster-forums.net/webmasters-corner/members-area-0#comment-1219073 <p>Well, I know of a few occasions where people have placed their .htpasswd file in a web directory. As for how they are read, I don't know that...I'm not of that status <img src="https://www.webmaster-forums.net/misc/smileys/wink.png" title="Wink" alt="Wink" class="smiley-content" /> </p> <p>All I know is that it can be done, and has been. </p> <p>All of that aside, I was trying to make a point that that method of user-authentication is rarely used any more for that kind of purpose.</p> Thu, 10 May 2007 22:12:59 +0000 brady.k comment 1219073 at https://www.webmaster-forums.net https://www.webmaster-forums.net/webmasters-corner/members-area-0#comment-1219072 <blockquote class="bb-quote-body"><p><strong>brady.k;219063 wrote:</strong> First of all, I don't know where you got your information that .htaccess is the best method for user-authenticated access... but that's wrong. .htaccess files can easily be read, and the password files can be read as well. A server-side language is the preferred method, like PHP or Perl or ColdFusion, because they are more secure.</p> <p>That being said, did you encode/hash your passwords? I know they have to be hashed, and I believe it's using md5 encryption. To do this, you can either Google an online application that will do it, or on Linux/Mac (I'm not sure about Windows) you can use the command line/terminal to run the md5 command.</p></blockquote> <p>How can you read an .htpassword file when it's not in the web directory. Also, how can .htpassword files be read when Apache denies access to them?</p> Thu, 10 May 2007 21:49:59 +0000 pr0gr4mm3r comment 1219072 at https://www.webmaster-forums.net https://www.webmaster-forums.net/webmasters-corner/members-area-0#comment-1219063 <p>First of all, I don't know where you got your information that .htaccess is the best method for user-authenticated access... but that's wrong. .htaccess files can easily be read, and the password files can be read as well. A server-side language is the preferred method, like PHP or Perl or ColdFusion, because they are more secure.</p> <p>That being said, did you encode/hash your passwords? I know they have to be hashed, and I believe it's using md5 encryption. To do this, you can either Google an online application that will do it, or on Linux/Mac (I'm not sure about Windows) you can use the command line/terminal to run the md5 command.</p> Thu, 10 May 2007 19:44:45 +0000 brady.k comment 1219063 at https://www.webmaster-forums.net