I just opened up my account here at powweb and I must say, I'm quite impressed.

However, I'm a bit new to the whole .htaccess game. But I was hoping someone could answer a few questions.

I want to password protect a directory. I've created a .htaccess file for the directory that looks like this:


AuthUserFile /pass/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

I based this off of information obtained from EZ Pass. I created a directory called pass to place the .htpasswd file that is outside the htdocs directory. My questions are as follows:
[list=1]
Using this set up, what permissions would I have to set on the pass directory and .htpasswd file?
The pass directory is in my root folder along with htdocs, cgi-bin etc.. but is the above path appopriate? Should I instead use a relative path?
What can I use to generate the password file? The htpasswd util on my windows box uses the wrong form of encryption (MD5 instead of Crypt) and the EZ Pass encryption algorithm doesn't seem to work for me either (I'm denied access).
[/list=1]

Many thanks for any help.

You can find a complete tutorial on how to setup your htaccess password files at
http://help.powweb.com/tutorials/htaccess/passprotect.php

There is also an encryption link there to encrypt your password for you.


Just my "For What It's Worth"

Whooops... missed that tutorial. Sorry about that. I only saw the information in the FAQ which was a little sparse.

One quick other question: The default permissions are 644 on the htpasswd file. That still means that others on the system can read the file, correct? I know the password is encrypted but is that still as secure as it can be?

Just trying to cover all the bases.

Thanks.

they do not have access to the htaccess....try and access your htacess (knowing the right address) and still you will not be able to open it!

the password is even more secure below the htdocs