I installed PEAR using FTP on a site using a shared host (Network Solutions), and the PEAR documentation says to password protect the directory.
I tried doing the usual password protection through Account Manager, but then when I went to my PEAR page, I got a 500 Internal Server Error.
So in looking into doing it with .htaccess, I found that I need to create an .htpasswd file in my root directory, above the public web folder. However, File Manager won't allow me to create anything in the root directory.
I was thinking maybe this was something I could do in php.ini but there doesn't seem to be a password protection command that I could find.
Any suggestions on how to password protect my PEAR directory?
Password protecting PEAR folder
- Christopher
Re: Password protecting PEAR folder
I don't understand what your "PEAR page" is, but you should put a .htaccess in your PEAR directory that has "deny all" in it. You should not allow any web access to library directories. The files in those directories are accessed using include() only.
(#10850)
Re: Password protecting PEAR folder
By "PEAR page" I mean this:
PEAR_Frontend_Web: Webbased PEAR Package Manager, the best way to manage your pear-compatible packages.
The warning is:
Warning: This package management website is not protected with a password, this is a MAJOR security risk. Please read the README.
The README says this:
Security:
---------
The webfrontend manages all packages, be sure to protect it !
The easiest way is to protect it with a .htaccess file, in the webdir:
$ echo "
AuthUserFile $(pwd)/.htpasswd
AuthType Basic
AuthName \"Web-based PEAR Frontend\"
Require valid-user" > .htaccess && htpasswd -c .htpasswd admin
Unfortunately I don't have command line access.
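Without shell access, the two files the README's one-liner creates can be built on a local machine and uploaded over FTP. The following is an added example, not part of the thread or the PEAR README: it writes the `$apr1$` (MD5-based) hash format that `htpasswd -m` produces, and the names `apr1_hash`, `build_files` and the server path are assumptions for illustration. Where the host's Apache accepts bcrypt entries (`htpasswd -B` on a local machine), that format is the stronger choice.

```python
# Added example: build .htaccess and .htpasswd contents locally for FTP upload.
import hashlib
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant group first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def apr1_hash(password, salt=None):
    """Return an Apache "$apr1$" hash; a random 8-character salt is used by default."""
    pw = password.encode("utf-8")
    salt = (salt or "".join(secrets.choice(ITOA64) for _ in range(8)))[:8]
    st = salt.encode("ascii")
    ctx = hashlib.md5(pw + b"$apr1$" + st)
    final = hashlib.md5(pw + st + pw).digest()
    for left in range(len(pw), 0, -16):   # mix in as many digest bytes as len(pw)
        ctx.update(final[:min(16, left)])
    n = len(pw)
    while n:                              # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                 # fixed 1000-round stretching loop
        data = pw if i & 1 else final
        if i % 3:
            data += st
        if i % 7:
            data += pw
        data += final if i & 1 else pw
        final = hashlib.md5(data).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    return f"$apr1${salt}${out}{_to64(final[11], 2)}"

def build_files(user, password, server_dir):
    """Return (.htaccess text, .htpasswd text); server_dir is the absolute path on the host."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    htaccess = (f"AuthUserFile {server_dir.rstrip('/')}/.htpasswd\n"
                "AuthType Basic\n"
                'AuthName "Web-based PEAR Frontend"\n'
                "Require valid-user\n")
    return htaccess, f"{user}:{apr1_hash(password)}\n"
```

Write the two returned strings to files named `.htaccess` and `.htpasswd` and upload both to the frontend's directory. `AuthUserFile` needs the directory's absolute filesystem path on the server, which a PHP script placed in that directory can report with `__DIR__`.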