Thread: password safety-

Have been reading about password safety and most say that the password file should not be kept in the root directory but to store it outside the server root directory. What exactly do they mean and how does that pertain to our account on the VH server?

I know that you can create a sub-directory that would be referenced like;
public_html/my_subdirectory

But is that what they are talking about?

Andy

I would assume it is talking about things like the htaccess password (password protected directories). If you log in using a ftp you will have a bunch of directories:

public_html
public_ftp
mail
tmp
.cpanel
.htpasswds
etc

... For instance with cPanel when you create a password protected directory, the passwords are stored in the ".htpasswds" directory, which is behind the root.

If they are not talking about such passwords I haven't a clue what they are talking about (unless I am overlooking something obvious)

Watdaflip-

Merry Christmas my friend. Well, I believe that they are refering to a directory outside that which is avaliable to the public. But, I do not know how to call upon or reference such a directory like, for instance opening a file to read / an or storing info there. I believe that it has to be allowed in the php config files.

For now- I think that I will simply keep the info in a txt file and md5 it. I think the chances of someone guessing the txt file name are slim and if the info is md5 encrypted- it will be ok.

Talk to you later.

Andy

You can open a file using a filepath, such as

"/home/cpanel_username/public_html/filename.txt"

You should be able to open one using something like

"home/cpanel_username/passwords/filename.txt"

using fopen("home/cpanel_username/passwords/filename.txt", "r"); or whatever operation you will be using (read, write, alter)