Where should I place the .htpasswd file (phpMyAdmin)?


Solution 1

It is NOT a good idea to place your .htpasswd file in /var/www.

You can place the .htpasswd pretty much anywhere other than your web folder. I would place it in /etc/phpmyadmin.

Solution 2

Well, in theory you should be OK with putting your .htpasswd file anywhere in the Apache document root, since the Apache default configuration for any file beginning with ".ht" should be this:

<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

However, I tend to avoid that, and usually put my .htpasswd files somewhere in the Apache folder, for example:

/etc/apache2/htpass/.htpasswd

or

/etc/apache2/.htpasswd

I don't think there are any official best practices for this, correct me if I am wrong...
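One way to check a chosen location against the advice in both answers, as an added example that is not part of either answer: a POSIX shell function that flags a password file that sits under a web-served directory, is a symlink, or is readable or writable by other local users. The function names and finding labels are made up for this example; the directories in the usage comment are the ones named on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the answers or from Apache).
# check_htpasswd FILE WEBDIR [WEBDIR...]
# Prints one finding per line; returns 0 when clean, 1 otherwise.

# Physical path of a directory, with symlinks resolved.
resolve_dir() {
    ( cd -- "$1" 2>/dev/null && pwd -P )
}

check_htpasswd() {
    file=$1; shift
    rc=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # A symlinked password file can point back into a web folder.
    if [ -L "$file" ]; then
        echo "SYMLINK: $file is a symlink, check its target"; rc=1
    fi

    dir=$(resolve_dir "$(dirname -- "$file")") || { echo "UNRESOLVED: $file"; return 1; }
    real="$dir/$(basename -- "$file")"

    # Compare with a trailing slash so /var/www does not match /var/www2.
    for root in "$@"; do
        r=$(resolve_dir "$root") || continue
        case "$real" in
            "$r"/*) echo "IN_WEBDIR: $real is under $r"; rc=1 ;;
        esac
    done

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    mode=$(ls -ldL -- "$file" | cut -c1-10)
    case "$mode" in
        ???????r??) echo "WORLD_READABLE: $real ($mode)"; rc=1 ;;
    esac
    case "$mode" in
        ????????w?) echo "WORLD_WRITABLE: $real ($mode)"; rc=1 ;;
    esac
    return "$rc"
}

# Usage with the directories named on this page:
#   check_htpasswd /etc/phpmyadmin/.htpasswd /var/www /usr/share/phpmyadmin
```

On Ubuntu a clean result usually means the file is owned by root with group www-data and mode 640, so Apache can read it and other local users cannot.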


Author: user51819

Updated on September 18, 2022

Comments

  • user51819 over 1 year

    I am following this tutorial setting up phpMyAdmin:

    https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-12-04

    I edit the .htaccess file at /usr/share/phpmyadmin/.htaccess

    But I need to point it to a .htpasswd file of my choice.

    Can I put it in /usr/share/phpmyadmin so it's next to .htaccess? Or can I put it in /var/www?

  • user51819 almost 10 years
    What is the difference between /etc/phpmyadmin and /usr/share/phpmyadmin?
  • user51819 almost 10 years
    So why is .htaccess being instructed (as per the tutorial) to go into /usr/share and not /etc/phpmyadmin since .htaccess is a sort of configuration type file?
  • Aerozeek almost 10 years
    As long as .htpasswd is not accessible from HTTP, FTP, etc., it's OK to place it anywhere, including /usr/share/phpmyadmin. The main difference has to do with the intended use of each folder. I personally like /etc for the important stuff better.
  • Aerozeek almost 10 years
    Ah... .htaccess files are special. Those are usually supposed to be in /var/www. The reason for that difference is because you may want to decide that you need different configurations for each subdirectory on your server, so you can place one .htaccess file in each. In the case of phpMyAdmin, the PHP interpreter reads the .htaccess file from that place instead of /var/www, but that is exactly the same reason why it shouldn't have the .htpasswd file in the same place. Rule: If a folder is accessible by a process accessing the network, the folder can be compromised.