Where should I place the .htpasswd file (phpMyAdmin)?
Solution 1
It is NOT a good idea to place your .htpasswd
file in /var/www
.
You can place the .htpasswd
pretty much anywhere other than your web folder. I would place it in /etc/phpmyadmin
.
Solution 2
Well, in theory you should be ok with putting your .htpasswd file anywhere in the apache document root since apache default configuration for any file beginning with ".ht" should be this:
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
However, I tend to avoid that, and usually put my .htpasswd files somwhere in the apache folder, for example:
/etc/apache2/htpass/.htpasswd
or
/etc/apache2/.htpasswd
I don't think there are any official best practices for this, correct me if I am wrong...
Related videos on Youtube
user51819
Updated on September 18, 2022Comments
-
user51819 over 1 year
I am following this tutorial setting up phpMyAdmin:
I edit the .htaccess file at /usr/share/phpmyadmin/.htaccess
But I need to point it to a .htpasswd file of my choice.
Can I put it in /usr/share/phpmyadmin so it's next to .htaccess? Or can I put it in /var/www ?
-
user51819 almost 10 yearsWhat is the difference between /etc/phpmyadmin and /usr/share/phpmyadmin?
-
user51819 almost 10 yearsSo why is .htaccess being instructed (as per the tutorial) to go into /usr/share and not /etc/phpmyadmin since .htaccess is a sort of configuration type file?
-
Aerozeek almost 10 yearsAs long as
.htpasswd
is not accessible from http, ftp, etc, it's Ok to place it anywhere, including/usr/share/phpmyadmin
. The main difference has to do with the intended use of each folder. I personally like/etc
for the important stuff better. -
Aerozeek almost 10 yearsAh...
.htaccess
files are special. Those are usually supposed to be in/var/www
. The reason for that difference is because you may want to decide that you need different configurations for each subdirectory on your server, so you can place onehtaccess
file in each. In the case of phpmyadmin, the PHP interpreter reads the.htaccess
file from that place instead of/var/www
, but that is exactly the same reason why it shouldn't have the.htpasswd
file in the same place. Rule: If a folder is accessible by a process accessing the network, the folder can be compromised