Do passwords used for .htaccess need to be encrypted?

Posted by webworm on Stack Overflow See other posts from Stack Overflow or by webworm
Published on 2010-03-31T17:17:36Z Indexed on 2010/03/31 17:33 UTC
Read the original article Hit count: 486

Filed under:

.htaccess

|

passwords

|

encrypt

|

apache2

I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ...

htpasswd -nb username password

What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form someonewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the Shelll (which I do not always have). Thank you.

© Stack Overflow or respective owner

Related posts about .htaccess

Seeking htaccess help: Converting multiple subdomains (both http and https) to www.domain.com using .htaccess

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer: I've got a dozen old subdomains that have been indexed by Google… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
Hi, I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check… >>> More
Disable .htaccess or disable some rules from .htaccess on specific URL

as seen on Server Fault - Search for 'Server Fault'
I have Kerberos-based authentication and I want to disable it on only root url: mysite.com/. And I want it to works fine on any other page like mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check htaccess… >>> More
Permission denied: /home/.htaccess pcfg_openfile: unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
This domain was working this morning, now I get a 403 error and the message above in my error log. I'm not using .htaccess files but I have been doing some copy on the server so may have messed things up but no changes to this domain (unless by accident!). What is this pcfg_openfile thing anyway? Done… >>> More

Related posts about passwords

Fixing /etc/shadow with md5 passwords to sha512 passwords

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded an ubuntu server with many users to a recent version from a version from 2008. The server used to use md5 password hashes (e.g., the shadow passwords began with $1$) and now is configured to use sha512. I'd prefer to keep using sha512, but would like the old users to be able… >>> More
How to securely generate memorable passwords?

as seen on Super User - Search for 'Super User'
Whenever I need new passwords I use some tools to generate those, preferable memorable passwords, but I've been wondering how secure this might actually be. Using The xkcd random number generator is probably pretty bad, cat /dev/random is probably pretty good, but generating memorable passwords seems… >>> More
Gawker Passwords

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
There has been much news about the hack of the Gawker web sites. There has even been an analysis of the common passwords found. This list is embarrassing in many ways. The most common password was "123456". The second most common password was "password". Much has also been written providing… >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More