October 11th, 2003, 03:58 PM
Need Security Help Immediate
Aight folks I got a problem, and I am sure you will all know the correct way to get around it. I am loading a .htaccess and .htpasswd file to my site and this is how my .htaccess file looks:
require user user name
Then, my password is encrypted using this site: Password Encryption
So I am loading my password file in to the pwserver folder. However when I put a page in the folder with my .htaccess file and then try to surf to it I get the page with the prompt but no matter how many times I try with the username and password it won't let me access the page. What am I doing wrong.
Please Help Thanks
October 11th, 2003, 07:27 PM
Your on the right track. Do this to your .htaccess
ErrorDocument 401 /rejectionpage.html
AuthUserFile /whatever/.htpasswd //the name of this file is not important
Now the important thing is to make sure that the .htpasswd file in not located on the web-server, where someone can download it.
The .htpasswd file should look something like this:
If you have access to the apache web server, you can create the encrytions using its utility.
htpasswd [-cmdps] passwordfile username
the only required switch is -c , to create the file.
htpasswd -c /whatever/.htpasswd user1 pass1
that will create the file.
Hope this helps
October 14th, 2003, 01:41 AM
Thanks for the help. I got it figured out.