Recent Topics

blocking direct access to /htsrv/getmail.php

Started by on Mar 11, 2005 – Contents updated: Mar 11, 2005

Mar 11, 2005 04:52    

Is there a way to block direct web access to /htsrv/getmail.php, but to still have it available for posting via email? Is this something that's handled through .htaccess?

jj.

Mar 11, 2005 15:51

You could use a .htpasswd file (and .htaccess) to password protect this particular file. Or simply rename it to something unique.

Mar 12, 2005 01:14

Okay, then let me back up one step... One of the things that bothers me about using getmail.php to post by email in the first place is that the user/pass is sent in the clear. Can this be protected via gpg or openpgp encryption? It would be nice to be able to send posts via openpgp so the credentials arent open.

I know the design side very well, but I'm new to the application side of the process. I'm using this project of getting b2evo running to learn databases and php scripting and I'm starting to get the hang of certain things but in general the whole process is new to me.

I guess it just wouldn't seem logical to do the whole .htaccess/.htpass thing if the creds are still just going to be sent in the clear... It's bad enough that the email account creds are being sent in the clear to send the email itself. Can you point me to some relevant docs or tutorials out there or, if it's not too involved, outline them here?

jj.


Form is loading...

CCMS – This forum is powered by b2evolution CMS, a complete engine for your website.