Hey Gang....

I have been using htaccess for a while now and I'm still suspect about how secure it is. I have done plenty of reading on the subject but found some fairly mixed answers. Obviously the safest way to protect your files is not to upload them at all but sometimes it is necessary.....so I am wondering what your thoughts are on htaccess, any ideas, experiences etc...

Is it the most secure option?

Also there seems to be a conflict as to where you place the htpasswd file....in the secure folder?.....or in a password folder? Both options work well but which is more secure?

Anyone have an opinion as to how difficult it would be to crack? I'm wondering what kinda people I may have to worry about.

I also asked once before over at wow-factor if anyone knew if it was possible to alter and customise the log in pop-up further than simply the name. If memory recalls, I got a fairly solid 'No'.....can anyone confirm, second or dispute that?

Thanks... ;)

~Dart~

Hi Dart
We've all tried and had had mixed success with htaccess. I think the only one who really persevered with it, is Brian. So Brian??

If you don't get answers, I'll go and look it up for you - I've got a bit of material on it.

a great deal of it has to do with how the .htaccess is set up.
If it's set up properly then it shouldn't be an issue.

JC wrote some very interesting stuff on it here
http://wow-factor.com/forum/viewthread.php?tid=370

All of the examples posted by JC is about the extent of my knowledge with htaccess (intimately) ...

It's good to keep images in place (bandwidth theft) -- but, people can still steal them and "place" them physically on their own site ...

I like using htaccess to disable indexes -- and redirect for error pages ... but, I would use a more suitable method for keeping files in place (payment, etc.) ...

The password file is the one thing I didn't try -- because I decided to go with an "easy" membership setup ...

But, JC can certainly provide much more thorough answers -- he's a "backend" guru :) (no pun intended) :D

Brian

can u help me with htaccess? i just started useing it and i dont have a clue how to use it lol

please reply:(

this is a good place to start.
That's why I mention it.
http://wow-factor.com/forum/viewthread.php?tid=370

sorry I missed this thread .. haven't been out and about lately

If you want to know more about file and image protection I put up some info here on it as well .. http://www.wow-factor.com/forums/index.php?act=ST&f=17&t=339&s=88046705b682a34993822d0acff48382

as far as .htpasswrd files .. always a good idea to place them out side the public accessible area.

The .htaccess file go's in the folder of files you want to protect.

.htaccess is a very powerful UNIX file it can control the way your server runs and if your not careful you can render your server out of commission.

Many host today don't allow it's use unless they know you know what your doing or the cloak the file from your view so you can't tinker with it.

If they have clocked files from you in most cases you can view them anyway .. here I tell you how .. http://www.wow-factor.com/forums/index.php?act=ST&f=17&t=347&s=88046705b682a34993822d0acff48382

if your running FP extensions be VERY CAREFUL .. one wrong move and it's a black out for you. FP uses several types of .htaccess files to run these extensions and changing them can be tricky.

Cheers
JC

Finally have it working...hopefully...after much trial and error.
Huge thanks to you all for your help....