Re: Re: Password security

[Jock Dempsey <guru@anvilfire.com>]

>> I setup the /data folder in the public accessable www space.
>> I have support files the users need in the /data/ringname/ folders.
> How about this .htaccess file in the /data directory:
<Files *.db>
order allow,deny
deny from all 
</Files>
> / Gunnar
I asked my server guy what to do and then later forwarded your solution.
He is in New Zealand and the Day/Night difference determines when I get
responses.
His response was that it was exactly what he would do and not to make it
any more complicated than necessary.
Andrew is a UNIX type and once had his own ISP business.  Currently he
maintains my server and the technical end of hosting some 50 other domains.
He is pretty sharp on these problems.
I asked him about the other two methods for ALL files/sub folders in a folder.
1)
order allow,deny
deny from all
2)
<Limit GET>
deny from all
</Limit>
He says the first method is a "hard deny" and the best security.  However,
it may cause problems with some scripts.  The second method is more
flexible and allows certain scripts to function where the first would not.
Gunnar's scripts are written with strict definitions and calls to other
scripts and should work under the strictest security.  I would reccomend
the first method with the second as a backup if something doesn't work.
Jock D.