password safety-

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • Andy128
    Major General

    • Dec 2005
    • 2317

    password safety-

    Have been reading about password safety and most say that the password file should not be kept in the root directory but to store it outside the server root directory. What exactly do they mean and how does that pertain to our account on the VH server?

    I know that you can create a sub-directory that would be referenced like;
    public_html/my_subdirectory

    But is that what they are talking about?

    Andy
    PHP- is a blast!
  • Watdaflip
    Major General

    • Sep 2005
    • 2116

    #2
    Re: password safety-

    I would assume it is talking about things like the htaccess password (password protected directories). If you log in using a ftp you will have a bunch of directories:

    public_html
    public_ftp
    mail
    tmp
    .cpanel
    .htpasswds
    etc

    ... For instance with cPanel when you create a password protected directory, the passwords are stored in the ".htpasswds" directory, which is behind the root.

    If they are not talking about such passwords I haven't a clue what they are talking about (unless I am overlooking something obvious)

    Register/Login Script
    Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script

    Comment

    • Andy128
      Major General

      • Dec 2005
      • 2317

      #3
      Re: password safety-

      Watdaflip-

      Merry Christmas my friend. Well, I believe that they are refering to a directory outside that which is avaliable to the public. But, I do not know how to call upon or reference such a directory like, for instance opening a file to read / an or storing info there. I believe that it has to be allowed in the php config files.

      For now- I think that I will simply keep the info in a txt file and md5 it. I think the chances of someone guessing the txt file name are slim and if the info is md5 encrypted- it will be ok.

      Talk to you later.

      Andy
      PHP- is a blast!

      Comment

      • Watdaflip
        Major General

        • Sep 2005
        • 2116

        #4
        Re: password safety-

        You can open a file using a filepath, such as

        "/home/cpanel_username/public_html/filename.txt"

        You should be able to open one using something like

        "home/cpanel_username/passwords/filename.txt"

        using fopen("home/cpanel_username/passwords/filename.txt", "r"); or whatever operation you will be using (read, write, alter)

        Register/Login Script
        Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script

        Comment

        Working...
        X