Password protecting PEAR folder

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
Reviresco
Forum Contributor
Posts: 172
Joined: Tue Feb 19, 2008 4:18 pm
Location: Milwaukee

Password protecting PEAR folder

Post by Reviresco »

I installed PEAR using FTP on a site using a shared host (Network Solutions), and the PEAR documentation says to password protect the directory.

I tried doing the usual password protection through Account Manager, but then when I went to my PEAR page, I got a 500 Internal Server Error.

So in looking into doing it with .htaccess, I found that I need to create an .htpasswd file in my root directory, above the public web folder. However, File Manager won't allow me to create anything in the root directory.

I was thinking maybe this was something I could do in php.ini but there doesn't seem to be a password protection command that I could find.

Any suggestions on how to password protect my PEAR directory?
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Password protecting PEAR folder

Post by Christopher »

I don't understand what your "PEAR page" is, but you should put a .htaccess in your PEAR directory that has "deny all" in it. You should not allow any web access to library directories. The files in those directories are access using include() only.
(#10850)
Reviresco
Forum Contributor
Posts: 172
Joined: Tue Feb 19, 2008 4:18 pm
Location: Milwaukee

Re: Password protecting PEAR folder

Post by Reviresco »

By "PEAR page" I mean this:

PEAR_Frontend_Web: Webbased PEAR Package Manager, the best way to manage your pear-compatible packages.

The warning is:

Warning: This package management website is not protected with a password, this is a MAJOR security risk. Please read the README.

The README says this:

Security:
---------
The webfrontend manages all packages, be sure to protect it !
The easiest way is to protect it with a .htaccess file, in the webdir:
$ echo "
AuthUserFile $(pwd)/.htpasswd
AuthType Basic
AuthName \"Web-based PEAR Frontend\"
Require valid-user" > .htaccess && htpasswd -c .htpasswd admin

Unfortunately I don't have command line access.
Post Reply