Do passwords used for .htaccess need to be encrypted?
Posted
by webworm
on Stack Overflow
See other posts from Stack Overflow
or by webworm
Published on 2010-03-31T17:17:36Z
Indexed on
2010/03/31
17:33 UTC
Read the original article
Hit count: 487
I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ...
htpasswd -nb username password
What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form someonewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the Shelll (which I do not always have). Thank you.
© Stack Overflow or respective owner