hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : possible for multiple sites on same server to "share" one .htpasswd file?
Reply

Forum Jump

possible for multiple sites on same server to "share" one .htpasswd file?

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 05-03-2007, 05:01 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
Question

possible for multiple sites on same server to "share" one .htpasswd file?


the subject pretty much sums it up, is there a method or solution for multiple websites (whic reside on the same dedicated server) to share just one .htpasswd, or automate the mirroring of said .htpasswd file?

if so any suggestions for methodology or products that would facilitate this action would be most welcome, thx in advance friends..!




Sponsored Links
  #2  
Old 05-03-2007, 05:13 PM
mistwang mistwang is offline
Web Hosting Guru
 
Join Date: Nov 2003
Posts: 304
Just pointing to the same .htpasswd file in "AuthUserFile" directives. Should not be a problem at all.

__________________
LiteSpeed Web Server by http://www.litespeedtech.com
Best PHP and Ruby On Rails hosting platform,
Completely Apache interchangeable
Compatible with all hosting control panels.

  #3  
Old 05-03-2007, 05:27 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
Quote:
Originally Posted by mistwang View Post
Just pointing to the same .htpasswd file in "AuthUserFile" directives. Should not be a problem at all.
thx for your speedy reply friend, i will research the AuthUserFile reference and see what i can find. can i ask you this then... would it be possible to just have one .htpasswd located somewhere safe/deep, and have both sites use symbolic links to point to that one? the issue i have w/ just sharing one of them is that both are modified externally by scripts, so if there is a way to just have one .htpasswd file that can be modified and accessed by both websites transparently that would be ideal...

thx again for your help and have a good one friend..!

Sponsored Links
  #4  
Old 05-03-2007, 09:24 PM
mistwang mistwang is offline
Web Hosting Guru
 
Join Date: Nov 2003
Posts: 304
You don't have to use symbolic links, just point to the location of the file directly.

For the sake of security, just make the .htpasswd file only readable by the user that web server run as, and run PHP and CGIs with suEXEC, so the .htpasswd file is not readable from PHP and CGI.

__________________
LiteSpeed Web Server by http://www.litespeedtech.com
Best PHP and Ruby On Rails hosting platform,
Completely Apache interchangeable
Compatible with all hosting control panels.

  #5  
Old 05-03-2007, 10:16 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
Quote:
Originally Posted by mistwang View Post
You don't have to use symbolic links, just point to the location of the file directly.

For the sake of security, just make the .htpasswd file only readable by the user that web server run as, and run PHP and CGIs with suEXEC, so the .htpasswd file is not readable from PHP and CGI.
thx once again for your reply, but unfortunately i cannot modify the path pointed to the current two .htpasswd's in some of the scripts in question, hence the wish to replace them both w/ symbolic links if possible, both pointing to (and being able to write to) the one real .htpasswd..

  #6  
Old 05-03-2007, 10:29 PM
mistwang mistwang is offline
Web Hosting Guru
 
Join Date: Nov 2003
Posts: 304
You can use symbolic link if you need to. But it will not make the .htpasswd file safer in term of security.

So, you are not using web server's builtin password protection feature, it was inside the script, right?
Then, you have to be careful with the file permission of the .htpasswd, it has to be readable to the user that the script run as.

__________________
LiteSpeed Web Server by http://www.litespeedtech.com
Best PHP and Ruby On Rails hosting platform,
Completely Apache interchangeable
Compatible with all hosting control panels.

  #7  
Old 05-03-2007, 10:35 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
Quote:
Originally Posted by mistwang View Post
You can use symbolic link if you need to. But it will not make the .htpasswd file safer in term of security.

So, you are not using web server's builtin password protection feature, it was inside the script, right?
Then, you have to be careful with the file permission of the .htpasswd, it has to be readable to the user that the script run as.
thx again for your time mistwang... yes, i rely on a secondary .php script on my server for each website that logs password pair usage and locks shared accounts when needed. would going the route w/ symbolic links for both sites where the .htpasswd would be markedly 'unsafe' in practice? and would this method allow the one real .htpasswd file to be modified by scripts from either website?

thx again..!

  #8  
Old 05-03-2007, 10:48 PM
mistwang mistwang is offline
Web Hosting Guru
 
Join Date: Nov 2003
Posts: 304
You are welcome!

Quote:
Originally Posted by frameRelay View Post
would going the route w/ symbolic links for both sites where the .htpasswd would be markedly 'unsafe' in practice?
Using symbolic links have no impact on security of the target file.

Quote:
would this method allow the one real .htpasswd file to be modified by scripts from either website?
No. As long as the file permission of the real .htpasswd file is set to readonly to users that the scripts run as.

__________________
LiteSpeed Web Server by http://www.litespeedtech.com
Best PHP and Ruby On Rails hosting platform,
Completely Apache interchangeable
Compatible with all hosting control panels.

  #9  
Old 05-03-2007, 10:56 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
hmm... i really need the .htpasswd to be modifiable by the scripts from either website, both to add new password pairs and to remove them, am i looking in the wrong direction here for this task? really i am trying to find a way that doesn't involve changing the existing scripts, the .htpasswd is currently set at 666 and the scripts can change it properly now, would having the symbolic links pointing to the new location w/ it also set as 666 not work then..?

  #10  
Old 05-03-2007, 11:08 PM
mistwang mistwang is offline
Web Hosting Guru
 
Join Date: Nov 2003
Posts: 304
Quote:
Originally Posted by frameRelay View Post
hmm... i really need the .htpasswd to be modifiable by the scripts from either website, both to add new password pairs and to remove them, am i looking in the wrong direction here for this task? really i am trying to find a way that doesn't involve changing the existing scripts, the .htpasswd is currently set at 666 and the scripts can change it properly now, would having the symbolic links pointing to the new location w/ it also set as 666 not work then..?
I thought you want to secure the .htpasswd file.
Yes, it should still work via symbolic links if permission of .htpasswd is set to 0666.

__________________
LiteSpeed Web Server by http://www.litespeedtech.com
Best PHP and Ruby On Rails hosting platform,
Completely Apache interchangeable
Compatible with all hosting control panels.

  #11  
Old 05-03-2007, 11:16 PM
frameRelay frameRelay is offline
Junior Guru Wannabe
 
Join Date: Oct 2005
Posts: 43
Quote:
Originally Posted by mistwang View Post
I thought you want to secure the .htpasswd file.
Yes, it should still work via symbolic links if permission of .htpasswd is set to 0666.
thx again... yes, the goal is not to enhance security per say (although i'd hate to do anything that hampered current security!) but to allow two different websites w/ their own set of .php scripts to both make changes to the one .htpasswd file on the fly, in effect mirroring changes to the file so when a user is removed on one side they lose access at the other as well (and vice-versa)... i will speak w/ my host about setting up the links in the fashion and greatly appreciate your time and insight friend..!


Reply

Related posts from TheWhir.com
Title Type Date Posted
Microsoft Gains Most Sites in April: Netcraft Web Server Survey Web Hosting News 2014-04-08 10:53:35
SSL Use Among Million Busiest Sites Up by 48% Year-Over-Year: Netcraft Survey Web Hosting News 2014-01-10 14:53:32
nginx Regains Web Server Market Share in December Netcraft Survey Web Hosting News 2013-12-10 15:38:51
Microsoft Sees Largest Gains in Netcraft November Web Server Survey Web Hosting News 2013-11-04 16:01:02
Apache Loses 9.9 Million Sites in Netcraft April 2013 Web Server Survey Web Hosting News 2013-04-03 14:42:33


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?