[linux-help] Re: web server security
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Mon, 31 Jul 2000, Jeff Schaller wrote:
> On Mon, 31 Jul 2000, John Reinke wrote:
> > I finally sat down and learned how to set up htaccess and htpasswd for
> > [...]
> > Is there an alternative way to set this up to make it more secure? Are
> > there any alternatives to htaccess for protecting web pages?
>
> 1) don't give shell accounts on the web server
> 2) run the web server as a particular user (not nobody, not root)
> 3) put the htpasswd file outside the doc root of the web server
> 4) don't run an ftp server on the web server (see apache's
> defacement)
> 5) others...
While this might not always be the case, I'm doing this on a school
account, with 100s of students also having accounts on the same system,
and I have no root access. :-(
It sounds like htaccess won't be safe in my situation so you can therefore
ignore my first question. Are there any other ways to protect password
protect web pages besides htaccess?
John
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
|
|