Announcement

#1 2014-07-08 22:30:16

kyp_
Member
2013-06-17
84

.htaccess password protection (Security)

Hi,

In which folder should I ideally put it in order to protect
the admin area without breaking any normal functions ?


(this is kind of a follow-up question about:
Finding failed login attempts  http://piwigo.org/forum/viewtopic.php?pid=152652 )


cheers
kyp



Piwigo version: 2.5.1
PHP version: 5.4.17
MySQL version: 5.5.36-cll

Last edited by kyp_ (2014-07-08 22:30:53)


Cheers

Offline

 

#2 2014-07-08 22:33:38

mistic100
Former Piwigo Team
Lyon (FR)
2008-09-27
3271

Re: .htaccess password protection (Security)

Put what ? (htaccess files do so many things...)

and also If you have a strong enough password I really don't understand why you would have to add another layer

Offline

 

#3 2014-07-08 22:54:19

kyp_
Member
2013-06-17
84

Re: .htaccess password protection (Security)

Sorry If I was unclear.

In which folder should I put the .htaccess file, that contains the parameters to password-protect a folder and subfolders:

Code:

.htaccess: 
AuthType Basic
AuthName "restricted area"
AuthUserFile /.../.htpasswd
require valid-user

Why would I want increased security? I like to have more layers of protection, not just one (even if it's a very strong one). Same reason people use 2-Step Verification in addition. I wouldnt say it is such an odd request ?

cheers,
kyp


Cheers

Offline

 

#4 2014-07-08 22:58:29

mistic100
Former Piwigo Team
Lyon (FR)
2008-09-27
3271

Re: .htaccess password protection (Security)

the only file to protect is admin.php, all other files in "admin" are protected against direct access

and no, I really don't see the interest of a double password access, if someone can hack one he can hack two (as long as you are not using SSL it's even weaker anyway)
The strength of the 2-Steps auth is that it's two different steps

(don't forget to block any access to .htaccess and .htpasswd files...)

Offline

 

#5 2014-07-08 23:17:25

kyp_
Member
2013-06-17
84

Re: .htaccess password protection (Security)

Thanks for the info! :)


Cheers

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2019 · Contact