[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Question about Basic Authentication

From: David Chapman <dcchapman_at_acm.org>
Date: Thu, 06 Sep 2012 11:39:18 -0700

On 9/6/2012 11:08 AM, Anastasio, David M CTR USAF AFMC AFLCMC/HNID wrote:
> Yes, I think that is exactly the problem here.
> I will try to create the password file with htpasswd.
> Does Apache suggest where the password file should reside?
> Is it restricted to a certain location? I couldn't find this in the
> documentation.
> Thank you.
> Dave
There is no standard password file location, as AuthUserFile is
specified directly in the <Location> block in your httpd.conf. Under
Linux I put the password file in /etc with the rest of the system
password files.

The essential requirement is that the file *not* be visible from outside
the server, i.e. don't put it into your repository directory or another
directory under your DocumentRoot. Unfortunately, I have seen this
happen - "hey, what's in http://server.name/passwd.txt"? It wasn't a
Subversion repository that time (and worse yet, the passwords were
plaintext), but password file location is a trap for the unwary.

I've never set up Apache under Windows, so I can't suggest a "good"
location. Maybe the directory in which httpd.conf is stored?

     David Chapman      dcchapman_at_acm.org
     Chapman Consulting -- San Jose, CA
     Software Development Done Right.
Received on 2012-09-06 20:40:14 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.