Securing Your Web Pages with Apache Page 12
dbmmanage tools, also
/usr/local/web/apache/bin/ directory, are similar
allows you to maintain text database files for use with Digest
dbmmanage supports the
DB, DBM, GDBM, and NDBM database formats.
is a Perl script, so you will need to have the Perl interpreter
(version 5 or later) installed on your system in order to use it.
Location of Your Authentication Database
Remember that one of the main things the Apache Web server does is serve up files to visitors from the Internet -- and don't put your authentication database files anyplace where that could happen to them!
For server-wide database files (that is, those managed by the
Webmaster and listed in the
httpd.conf file, rather
than in user's
.htaccess files), make sure you put them
someplace where they're not under the DocumentRoot. Also
make sure you don't put them someplace where they're under
For access control used by individual users to protect their own documents,
the database files should not be under the directory listed in
UserDir directive in the server's
public_html). Having your users
put their database files in their home directory, or in another
subdirectory (other than under
a good idea.
Recent versions of Apache (those newer than 1.3.4 or so) include a default limitation on the common filenames used for per-directory authentication databases:
<Files ~ "^\.ht"> Order allow,deny Deny from all </Files>
This will prevent the server from processing requests for files named
.htpasswd-foo.db, and so on. Note that if you upgraded your Apache server from an earlier version, your
httpd.conffile may not include these lines, and you may want to add them yourself.
Frequently-Asked Apache Security Questions