Mobile app version of vmapp.org
Login or Join
Si4351233

: If file name starts with ".ht" is it available from outside? Someone told me that I can store MySQL passwords in a plain-text file in the web root, all I have to do is to give it a name

@Si4351233

Posted in: #Filenames

Someone told me that I can store MySQL passwords in a plain-text file in the web root, all I have to do is to give it a name starting with .ht (other than .htaccess). Is it so?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Si4351233

1 Comments

Sorted by latest first Latest Oldest Best

 

@Heady270

That would depend on your webserver configuration. Many webservers do come configured that way.

Here is a snippet from /etc/apache2/apache2.conf on my Ubuntu Linux webserver:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>


Your webserver would have to have similar configuration installed to deny acces to files that start with .ht.

I would recommend storing sensitive data outside the web root. That way you don't have to rely on the web server configuration to protect it.

If you have to have it in the web root, naming it to start with .ht could work. You could also add your own FilesMatch directive to your .htaccess file to disallow access to any file name you choose.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme