: If file name starts with ".ht" is it available from outside? Someone told me that I can store MySQL passwords in a plain-text file in the web root, all I have to do is to give it a name
Someone told me that I can store MySQL passwords in a plain-text file in the web root, all I have to do is to give it a name starting with .ht (other than .htaccess). Is it so?
More posts by @Si4351233
1 Comments
Sorted by latest first Latest Oldest Best
That would depend on your webserver configuration. Many webservers do come configured that way.
Here is a snippet from /etc/apache2/apache2.conf on my Ubuntu Linux webserver:
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>
Your webserver would have to have similar configuration installed to deny acces to files that start with .ht.
I would recommend storing sensitive data outside the web root. That way you don't have to rely on the web server configuration to protect it.
If you have to have it in the web root, naming it to start with .ht could work. You could also add your own FilesMatch directive to your .htaccess file to disallow access to any file name you choose.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.