I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ...

htpasswd -nb username password

What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form somewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the shell (which I do not always have). Thank you.

+2  A: 

Uh, it's a really really really bad idea to store the passwords in plaintext, regardless of whether it's supported or not. You could always generate the hashed passwords with a local copy of the htpasswd(1) utility...

SamB