Results 1 to 11 of 11
-
05-03-2007, 05:01 PM #1Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
possible for multiple sites on same server to "share" one .htpasswd file?
the subject pretty much sums it up, is there a method or solution for multiple websites (whic reside on the same dedicated server) to share just one .htpasswd, or automate the mirroring of said .htpasswd file?
if so any suggestions for methodology or products that would facilitate this action would be most welcome, thx in advance friends..!
-
05-03-2007, 05:13 PM #2Aspiring Evangelist
- Join Date
- Nov 2003
- Posts
- 350
Just pointing to the same .htpasswd file in "AuthUserFile" directives. Should not be a problem at all.
LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
Apache drop-in replacement. Triple server capacity with 10X performance increases.
Ultimate web serving platform for WordPress, Magento and other web applications.
Turbo charging all WordPress sites hosted on your server with a single click!
-
05-03-2007, 05:27 PM #3Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
thx for your speedy reply friend, i will research the AuthUserFile reference and see what i can find. can i ask you this then... would it be possible to just have one .htpasswd located somewhere safe/deep, and have both sites use symbolic links to point to that one? the issue i have w/ just sharing one of them is that both are modified externally by scripts, so if there is a way to just have one .htpasswd file that can be modified and accessed by both websites transparently that would be ideal...
thx again for your help and have a good one friend..!
-
05-03-2007, 09:24 PM #4Aspiring Evangelist
- Join Date
- Nov 2003
- Posts
- 350
You don't have to use symbolic links, just point to the location of the file directly.
For the sake of security, just make the .htpasswd file only readable by the user that web server run as, and run PHP and CGIs with suEXEC, so the .htpasswd file is not readable from PHP and CGI.LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
Apache drop-in replacement. Triple server capacity with 10X performance increases.
Ultimate web serving platform for WordPress, Magento and other web applications.
Turbo charging all WordPress sites hosted on your server with a single click!
-
05-03-2007, 10:16 PM #5Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
thx once again for your reply, but unfortunately i cannot modify the path pointed to the current two .htpasswd's in some of the scripts in question, hence the wish to replace them both w/ symbolic links if possible, both pointing to (and being able to write to) the one real .htpasswd..
-
05-03-2007, 10:29 PM #6Aspiring Evangelist
- Join Date
- Nov 2003
- Posts
- 350
You can use symbolic link if you need to. But it will not make the .htpasswd file safer in term of security.
So, you are not using web server's builtin password protection feature, it was inside the script, right?
Then, you have to be careful with the file permission of the .htpasswd, it has to be readable to the user that the script run as.LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
Apache drop-in replacement. Triple server capacity with 10X performance increases.
Ultimate web serving platform for WordPress, Magento and other web applications.
Turbo charging all WordPress sites hosted on your server with a single click!
-
05-03-2007, 10:35 PM #7Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
thx again for your time mistwang... yes, i rely on a secondary .php script on my server for each website that logs password pair usage and locks shared accounts when needed. would going the route w/ symbolic links for both sites where the .htpasswd would be markedly 'unsafe' in practice? and would this method allow the one real .htpasswd file to be modified by scripts from either website?
thx again..!
-
05-03-2007, 10:48 PM #8Aspiring Evangelist
- Join Date
- Nov 2003
- Posts
- 350
You are welcome!
Using symbolic links have no impact on security of the target file.
would this method allow the one real .htpasswd file to be modified by scripts from either website?LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
Apache drop-in replacement. Triple server capacity with 10X performance increases.
Ultimate web serving platform for WordPress, Magento and other web applications.
Turbo charging all WordPress sites hosted on your server with a single click!
-
05-03-2007, 10:56 PM #9Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
hmm... i really need the .htpasswd to be modifiable by the scripts from either website, both to add new password pairs and to remove them, am i looking in the wrong direction here for this task? really i am trying to find a way that doesn't involve changing the existing scripts, the .htpasswd is currently set at 666 and the scripts can change it properly now, would having the symbolic links pointing to the new location w/ it also set as 666 not work then..?
-
05-03-2007, 11:08 PM #10Aspiring Evangelist
- Join Date
- Nov 2003
- Posts
- 350
LiteSpeed Web Acceleration Platform by https://www.litespeedtech.com
Apache drop-in replacement. Triple server capacity with 10X performance increases.
Ultimate web serving platform for WordPress, Magento and other web applications.
Turbo charging all WordPress sites hosted on your server with a single click!
-
05-03-2007, 11:16 PM #11Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 43
thx again... yes, the goal is not to enhance security per say (although i'd hate to do anything that hampered current security!) but to allow two different websites w/ their own set of .php scripts to both make changes to the one .htpasswd file on the fly, in effect mirroring changes to the file so when a user is removed on one side they lose access at the other as well (and vice-versa)... i will speak w/ my host about setting up the links in the fashion and greatly appreciate your time and insight friend..!