lekhoi Posted May 4, 2005 Report Share Posted May 4, 2005 Hello, htacess anyone? I am having a bit of problem with the htaccess basic authentication. I have follow a demo here http://www.he.net/faq/tutorials/htaccess/demo.html For the purpose of verifying a working htaccess, I have copy all files word for word like follow: .htpasswd (user: john, pass: orange, user: sheri, pass: apple)===============john:zOSE9NzIxzoYosheri:bcrFMwAnWVM2A=============== .htaccess===============AuthUserFile /www/.htpasswdAuthName jdoe_goodstuffAuthType Basic<Limit GET>require valid-user</Limit>=============== I have: 1. Tested this exact configuration on a live server, changing only the path of the .htpasswd to the server path -- It did works 2. Tried to adapt this to the uniform server -- Did not work3. Debugged by placing htpassword everywhere I could think of, thinking that the path to the pass word file may be the problem -- Did not work Thanks in advance for any help. Quote Link to comment Share on other sites More sharing options...
Kevin Posted May 4, 2005 Report Share Posted May 4, 2005 Try AuthUserFile W:\www\.htpasswd AuthName jdoe_goodstuff AuthType Basic <Limit GET> require valid-user </Limit> And make sure: W:\www\.htpasswd is valid Quote Link to comment Share on other sites More sharing options...
Kevin Posted May 4, 2005 Report Share Posted May 4, 2005 or just: AuthUserFile .htpasswd Quote Link to comment Share on other sites More sharing options...
lekhoi Posted May 4, 2005 Author Report Share Posted May 4, 2005 or just: AuthUserFile .htpasswd659[/snapback] Oh dear, just found it 1. The path to htpasswd file is correct taking the form of /www/docs/.htpasswd depending on where you want to place the .htpasswd 2. Surprise surprise, the password file is NOT encrypted. That is it would be, password in clear text.===============john:orangesheri:apple===============and thanks to Kevin for giving a hand :-) Quote Link to comment Share on other sites More sharing options...
Kevin Posted May 4, 2005 Report Share Posted May 4, 2005 ko co chiur welcome hhe Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted May 4, 2005 Report Share Posted May 4, 2005 Correcto... the passwords are not encrypted G.job.mates Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Kevin Posted May 5, 2005 Report Share Posted May 5, 2005 wut wut? why it is not encrypted? OMG hax0r olajideolaolorun breaks the Apache http again Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted May 5, 2005 Report Share Posted May 5, 2005 Don't ask me.... lol... I always wondered why also but it really does not matter.. 3.3 has a more secured .htpasswd folder for .htpasswd files. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Kevin Posted May 5, 2005 Report Share Posted May 5, 2005 kalimaaaawhere? where? can i have 3.3 ? Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted May 5, 2005 Report Share Posted May 5, 2005 lol.... NO We now have a /htpasswd/ folder for htpasswd files... Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
MrX Posted May 5, 2005 Report Share Posted May 5, 2005 (edited) ko co chiur welcome hhe661[/snapback]kalimaaaawhere? where? can i have 3.3 ? 666[/snapback]How about clearing all that anime from your brain buffer before speaking?You wouldn't like it if it overflows :) ... OMG hax0r olajideolaolorun breaks the Apache http again ...664[/snapback]An emoticon you forgot: Don't ask me.... lol... I always wondered why also but it really does not matter.. 3.3 has a more secured .htpasswd folder for .htpasswd files.665[/snapback]You can find all the examples you need here. Keep an eye out for those W:\htpasswd\ folders. lol.... NO We now have a /htpasswd/ folder for htpasswd files... 669[/snapback]We're just moving all the .htpasswd files from W:\www\\ to W:\htpasswd\\, it's that simple Anyway, I found this in my httpd.conf:# # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> Hmmm.. so do you care to explain why we need that htpasswd folder again, Olajide?To make up for potential Apache bugs? Edited May 5, 2005 by MrX Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted May 5, 2005 Report Share Posted May 5, 2005 There are tools that can hack it if it is located in a web or aliased directory you punk Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.