hiding password file ?
I'm designing a web site for a customer who runs zen sessions, and so he has specifically asked for no popups, no windows or java password things..
On top of all that he wants to administer it himself and hes sort of a BOFH..
so I wrote a quick "get the username and password, read file with name "username" if contents=password, go for it.."
this gives me a directory called auth with a file for each user (so he can do what he wants..).. the only thig is that if anybody types in "url.com/auth/"username" they get the password nicely printed on the screen..
this is obviously no good..
apparently you can sort it out with .htaccess, but I can't seem to figure out how..
(block the typical index in the httpd.conf..)
any help would be appreciated
|
Linear Mode
