RE: B&T's "Keeping Your Package secure"


WhiteRook
3-12-05, 05:24 PM
First off, a big Thank You to B&T for his efforts in creating the tips site. If you haven't seen it, and you're as lost as I am.... go there ;)

However, can someone explain some of the following, taken from http://tips.prettyworthless.com/?tip=secure#tip

Use the right Document Root path - PowWeb gives you two alternative root paths. You can use either one. But one of them contains your Master Username (/www/u/user/htdocs). Do not use that one. Instead use the one that contains your domain name (/www/d/o/domain.com/htdocs) in your scripts.

What exactly are the defining parts of this URL? I know the www. part, what does the "/d/o" stand for?
Also the "/u/user/htdocs", same thing, what do the parts stand for.... I don't believe I've seen this one anywhere.

Last question....
In the FTP setup section, I thought I was following the advice of B&T and I disabled the main FTP. Now, I'm not so sure that was his intention. Was that the "Master Username" he was referring to, in the quote below, the thing I was to disable? When I disabled the main FTP, it's gone!...I don't think there is a way to bring it back, so if it's used by something else.....ummm oops?

Disable the Master Username - You cannot delete it, but you can disable it. Because the Master Username is reused for so many things at PowWeb, the smart thing to do is disable FTP and POP services for the Master Username.

Thanks for any help you folks might offer
Best Regards,

~whiterook~

tbonekkt
3-12-05, 06:23 PM
What exactly are the defining parts of this URL? I know the www. part, what does the "/d/o" stand for?
Also the "/u/user/htdocs", same thing, what do the parts stand for.... I don't believe I've seen this one anywhere.

/www/ is the directory on the file server where customer files are stored.

/d/o/ are the first two letters of your domain name.

/u/user/ is the first letter of your master FTP username and your master FTP username itself.

The /www/d/o/domain path is simply a server alias to the real server path that uses the master FTP username.

B&T
3-12-05, 07:08 PM
Let me expand. Let's say your Master Username is joe and your domain name is mydomain.com

Then you have two options for specifying a root path. One is:

/www/j/joe/htdocs - this is bad as it uses your Master Username

the other is

/www/m/y/mydomain.com/htdocs - this is good as it uses the domain name everyone knows anyway

Next point. Yes, you should disable POP and FTP services for joe. There are too many ways to find the username joe - so there goes a part of your security. Then set up a new FTP user and POP user with some other name.
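
The two root paths described above, as an added example that is not part of the original thread: this Python sketch builds both forms and flags script lines that hard-code the Master Username path, then rewrites them to the domain alias. The function names and the sample script are constructed for illustration, and it assumes the alias covers the whole account directory, as tbonekkt's reply states.

```python
import re

def root_paths(master_user, domain):
    """Build both document roots in the layout the thread describes."""
    # /www/<first letter of username>/<username>/htdocs
    user_root = f"/www/{master_user[0]}/{master_user}/htdocs"
    # /www/<first letter>/<second letter>/<domain>/htdocs
    domain_root = f"/www/{domain[0]}/{domain[1]}/{domain}/htdocs"
    return user_root, domain_root

def _user_prefix_re(master_user):
    # Match /www/j/joe only as a whole path component (not /www/j/joey).
    prefix = f"/www/{master_user[0]}/{master_user}"
    return re.compile(re.escape(prefix) + r"(?![\w.-])")

def find_master_paths(text, master_user):
    """Return (line_number, line) for each line exposing the Master Username path."""
    pat = _user_prefix_re(master_user)
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if pat.search(line)]

def use_domain_alias(text, master_user, domain):
    """Rewrite Master Username paths to the domain-name alias."""
    alias = f"/www/{domain[0]}/{domain[1]}/{domain}"
    return _user_prefix_re(master_user).sub(alias, text)

# Constructed sample script contents (hypothetical, not from the thread).
SAMPLE = """<?php
$root = '/www/j/joe/htdocs';
include '/www/j/joe/htdocs/inc/config.php';
$other = '/www/j/joey/htdocs';   // different account, must not match
$ok = '/www/m/y/mydomain.com/htdocs/uploads';
"""

if __name__ == "__main__":
    for n, line in find_master_paths(SAMPLE, "joe"):
        print(f"line {n} exposes the Master Username: {line}")
    print(use_domain_alias(SAMPLE, "joe", "mydomain.com"))
```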

WhiteRook
3-13-05, 01:28 AM
Explanations were perfectly clear.... Thank You for the clarification ;)

whl626
3-13-05, 11:37 AM
Let me expand. Let's say your Master Username is joe and your domain name is mydomain.com

Then you have two options for specifying a root path. One is:

/www/j/joe/htdocs - this is bad as it uses your Master Username

the other is

/www/m/y/mydomain.com/htdocs - this is good as it uses the domain name everyone knows anyway

Next point. Yes, you should disable POP and FTP services for joe. There are too many ways to find the username joe - so there goes a part of your security. Then set up a new FTP user and POP user with some other name.

BT, since giving an example makes things clear to the users, I suggest that you put it into your site on scripts that need it, to make those scripts less scary :D