Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Feb 2007
    Location
    London
    Posts
    225
    Thanks
    16
    Thanked 2 Times in 2 Posts

    During development: .htaccess passwords of php form of what?

    My host tech support just said:

    The .htpasswd system uses a very old security technique that has a number of problems (7 character password limit, some characters not properly recognized, conflicts with certain mod_rewrite rules and conditions, etc.). It is highly recommended that you avoid using the htpasswd system if at all possible.
    This got me thinking: during the development phase of a site, I always simply smack a .htaccess password on it until I want it to be publicly accessible. I've done that for years without ever asking what other people do.

    Naturally, a stronger and safer alternative is to have an almost blank index.php page with only a form to submit the developer's password, which would then reload the site under development without that form.

    • Are there other options?
    • What does everyone here do?
    • Is my host right in his vociferous warnings against using .htaccess for this purpose?


    Curious to here what you all do.

  • #2
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,306
    Thanks
    4
    Thanked 205 Times in 202 Posts
    Not sure where your hosting provider got their information but it isn't valid. Using .htaccess is probably one of the more secure methods available and a very good choice for protecting things from prying eyes during development.
    Dave .... HostMonster for all of your hosting needs

  • #3
    Regular Coder
    Join Date
    Feb 2007
    Location
    London
    Posts
    225
    Thanks
    16
    Thanked 2 Times in 2 Posts
    Hmmm.

    Well, I guess hostgator loses some point here then.
    (They deserve to be named, given your feedback!)

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    I generally do a
    Code:
    Order deny,allow
    deny from all
    allow from 123.my.personal.ip
    But, using htpasswd shouldn't be a problem, either.

  • #5
    Regular Coder
    Join Date
    Feb 2007
    Location
    London
    Posts
    225
    Thanks
    16
    Thanked 2 Times in 2 Posts
    Thank you, mister 'you killed my father, prepare to die'.
    (In case someone flags this post for abuse(!), I'm merely commenting on the previous user's pic - an in-reference for anyone who knows the source of his image!)

    I never thought of allowing by IP address. That's far less messy then passwords.
    Thanks.

  • #6
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by cfructose View Post
    an in-reference for anyone who knows the source of his image!
    I don't think there's one bloke out there who doesn't like that film. Absolute classic.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •