How to hide the Login Tools user database?

Frequently Asked Questions about WYSIWYG Web Builder
Locked
User avatar
Pablo
 
Posts: 21570
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

How to hide the Login Tools user database?

Post by Pablo »

By default the user database of the login tools can be accessed by anyone that knows the file name. And although the passwords are encoded, the email addresses are not hidden.

So the first thing you should do is to make sure you give the user database a unique name that can not easily be guessed.
For example: A6gr8JDaTa.csv

To make the user database completely in accessible you can create a .htaccess file in the folder on the server with the following content:

Code: Select all

<Files "usersdb.php"> 
Order deny,allow 
Allow from ***.***.***.*** 
Deny from all 
</Files>
where usersdb.php is the name of the database and
***.***.***.*** is your IP address.

See also:
http://www.javascriptkit.com/howto/htaccess.shtml
Locked