Apparently someone really doesn't want me to have a server! - Page 3

Burble · 06-07-2008, 17:33

I should have explained the htacces stuff a bit better. You have a single file on the filesystem that contains usernames and associated (MD5'd) passwords. In either the Apache config or .htaccess files (if you went for the file route you'd have a .htaccess at the root of the structure that you wanted to be the 'home' directory for each user) you say what users are allowed to access that directory.

So you'd have a password on a per user basis as you wanted.

LeperousDust · 06-07-2008, 18:07

Hmmmm i'm using WAMP Server 2.0, I've installed it but within that time i don't seem to be able to access their site, and i kinda need the documentation because I've no idea where all the key config files are kept, everything is running on default stuff atm so I've kept it offline. Can't even find .htaccess atm!

Daz · 06-07-2008, 18:16

.htaccess wont exist, you create it in whatever directories you need it. You'll probably be looking for httpd.conf or apache2.conf

LeperousDust · 06-07-2008, 18:47

Oh

i see

I'll have a play now

Burble · 06-07-2008, 19:08

Yep, either shove a .htaccess file into the root of each 'home' directory or shove the htaccess straight into the Apache config.

Normally I'd say only use .htaccess files when you don't have access to the Apache config (ie, you're a not privileged user on a box).

LeperousDust · 06-07-2008, 19:26

Right as usual this is starting to get way over my head and some documentation (well n00b tutorial), my phpmyadmin is telling me this

Quote:

Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.

but i dont know what config file i need to look at!

Also burble when you say apache config file over htaccess how come and which apache config file, is that wampserver.conf in my case?

Burble · 06-07-2008, 19:50

It's been ages since I've used PHPMyAdmin but I think the config file is called config.inc.php. What the warning is saying is that the root user in MySQL doesn't have a password so anyone on the box could login as root. You can fix that by doing:

Code:

mysqladmin -u root password newpassword

I've never used WAMP (I always do web serving from Linux boxes and I compile Apache, PHP & MySQL from scratch) but I would assume that there is still an apache2.conf file there.

The potential issue you have using the .htaccess files is that you can use those files to change the Apache config. Not a problem if you're the only person using the box but if it's a shared box then you could have other people putting config stuff in and causing you problems. There is also a slight performance hit since Apache will check every directory for a .htaccess file even if you don't use them. Now if you're not serving much then it isn't a problem.

Personally I'd shove all the authentication stuff into the main Apache config file (within <Directory> sections) and then set the AllowOverride directive in the main config file to 'none' so that any .htaccess files are ignored.

I always look at these sort of things with my work brain so have to seriously consider security and performance but if you're only serving stuff internally and you're the only user on the box then you could go with the .htaccess files instead and notice no differences.

LeperousDust · 06-07-2008, 20:33

I will be serving stuff outside as well so security can't be ignored. I think i just need to do a LOT of reading

Cheers Burble though

Burble · 06-07-2008, 20:35

No probs

LeperousDust · 06-07-2008, 22:24

Just out of interest is the wesite www.en.wampserver.com working for anyone? Since i downloaded the installer i keep timing out, i've flushed my DNS and tried Fx and IE to no avail, not quite sure what they're playing at...

06-07-2008, 18:07	#22
LeperousDust Bananaman Join Date: Jul 2006 Location: Liverpool/Edinburgh Posts: 4,817	Hmmmm i'm using WAMP Server 2.0, I've installed it but within that time i don't seem to be able to access their site, and i kinda need the documentation because I've no idea where all the key config files are kept, everything is running on default stuff atm so I've kept it offline. Can't even find .htaccess atm! __________________ Last edited by LeperousDust; 06-07-2008 at 18:32.

06-07-2008, 18:16	#23
Daz The Stig Join Date: Jun 2006 Location: Swad! Posts: 10,713	.htaccess wont exist, you create it in whatever directories you need it. You'll probably be looking for httpd.conf or apache2.conf __________________ apt-get moo

06-07-2008, 18:47	#24
LeperousDust Bananaman Join Date: Jul 2006 Location: Liverpool/Edinburgh Posts: 4,817	Oh i see I'll have a play now __________________

06-07-2008, 19:50	#27
Burble Rocket Fuel Join Date: Jul 2006 Posts: 7,826	It's been ages since I've used PHPMyAdmin but I think the config file is called config.inc.php. What the warning is saying is that the root user in MySQL doesn't have a password so anyone on the box could login as root. You can fix that by doing: Code: mysqladmin -u root password newpassword I've never used WAMP (I always do web serving from Linux boxes and I compile Apache, PHP & MySQL from scratch) but I would assume that there is still an apache2.conf file there. The potential issue you have using the .htaccess files is that you can use those files to change the Apache config. Not a problem if you're the only person using the box but if it's a shared box then you could have other people putting config stuff in and causing you problems. There is also a slight performance hit since Apache will check every directory for a .htaccess file even if you don't use them. Now if you're not serving much then it isn't a problem. Personally I'd shove all the authentication stuff into the main Apache config file (within <Directory> sections) and then set the AllowOverride directive in the main config file to 'none' so that any .htaccess files are ignored. I always look at these sort of things with my work brain so have to seriously consider security and performance but if you're only serving stuff internally and you're the only user on the box then you could go with the .htaccess files instead and notice no differences.

06-07-2008, 20:33	#28
LeperousDust Bananaman Join Date: Jul 2006 Location: Liverpool/Edinburgh Posts: 4,817	I will be serving stuff outside as well so security can't be ignored. I think i just need to do a LOT of reading Cheers Burble though __________________

06-07-2008, 17:33	#21
Burble Rocket Fuel Join Date: Jul 2006 Posts: 7,826	I should have explained the htacces stuff a bit better. You have a single file on the filesystem that contains usernames and associated (MD5'd) passwords. In either the Apache config or .htaccess files (if you went for the file route you'd have a .htaccess at the root of the structure that you wanted to be the 'home' directory for each user) you say what users are allowed to access that directory. So you'd have a password on a per user basis as you wanted.

06-07-2008, 19:08	#25
Burble Rocket Fuel Join Date: Jul 2006 Posts: 7,826	Yep, either shove a .htaccess file into the root of each 'home' directory or shove the htaccess straight into the Apache config. Normally I'd say only use .htaccess files when you don't have access to the Apache config (ie, you're a not privileged user on a box).

06-07-2008, 20:35	#29
Burble Rocket Fuel Join Date: Jul 2006 Posts: 7,826	No probs

06-07-2008, 22:24	#30
LeperousDust Bananaman Join Date: Jul 2006 Location: Liverpool/Edinburgh Posts: 4,817	Just out of interest is the wesite www.en.wampserver.com working for anyone? Since i downloaded the installer i keep timing out, i've flushed my DNS and tried Fx and IE to no avail, not quite sure what they're playing at... __________________

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode