Hi,
In which folder should I ideally put it in order to protect
the admin area without breaking any normal functions ?
(this is kind of a follow-up question about:
Finding failed login attempts http://piwigo.org/forum/viewtopic.php?pid=152652 )
cheers
kyp
Piwigo version: 2.5.1
PHP version: 5.4.17
MySQL version: 5.5.36-cll
Last edited by kyp_ (2014-07-08 22:30:53)
Offline
Put what? (htaccess files do so many things...)
And also, if you have a strong enough password, I really don't understand why you would have to add another layer.
Offline
Sorry if I was unclear.
In which folder should I put the .htaccess file that contains the parameters to password-protect a folder and subfolders:
.htaccess:
    AuthType Basic
    AuthName "restricted area"
    AuthUserFile /.../.htpasswd
    require valid-user
Why would I want increased security? I like to have more layers of protection, not just one (even if it's a very strong one). Same reason people use 2-Step Verification in addition. I wouldn't say it is such an odd request?
cheers,
kyp
Offline
The only file to protect is admin.php; all other files in "admin" are protected against direct access.
And no, I really don't see the interest of a double password access: if someone can hack one, he can hack two (as long as you are not using SSL, it's even weaker anyway).
The strength of the 2-step auth is that it's two different steps.
(Don't forget to block any access to .htaccess and .htpasswd files...)
Offline
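The advice in the reply above (protect only admin.php, and block access to the .htaccess and .htpasswd files), written out as an added example that is not part of the original posts and not Piwigo's own configuration. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the site; the `AuthUserFile` path is a placeholder.

```apache
# .htaccess placed in the Piwigo root directory (the folder containing admin.php).
# Added example; assumes Apache 2.4.

# Prompt for HTTP Basic credentials only when admin.php is requested.
# Scoping the directives with <Files> leaves the rest of the gallery
# reachable without the extra prompt, unlike a folder-wide .htaccess.
<Files "admin.php">
    AuthType Basic
    AuthName "restricted area"
    # Placeholder path: keep the password file outside the web root.
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user
</Files>

# Refuse to serve .htaccess and .htpasswd themselves.
# Apache 2.2 equivalent: "Order allow,deny" followed by "Deny from all".
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the username and password base64-encoded, not encrypted, on every request, so this layer only adds protection when the site is served over SSL/TLS.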
Thanks for the info! :)
Offline