Do passwords used for .htaccess need to be encrypted?

Posted by webworm on Stack Overflow See other posts from Stack Overflow or by webworm
Published on 2010-03-31T17:17:36Z Indexed on 2010/03/31 17:33 UTC
Read the original article Hit count: 486

Filed under:
|
|
|

I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ...

htpasswd -nb username password

What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form someonewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the Shelll (which I do not always have). Thank you.

© Stack Overflow or respective owner

Related posts about .htaccess

Related posts about passwords