What are the known defects with htaccess protected pages?

I understand they're susceptible to brute force attacks, as there's no limit to the number of times someone can try to log in. And if a user can upload and execute a file on the server, all bets are off...

Any other .htaccess defects?

.htaccess is simply a way of specifying Apache configuration directives on a per-directory basis. They allow several different kinds of password protection.

If you're talking about HTTP Basic Authentication, then your credentials are sent in cleartext with every request and are therefore susceptible to sniffing (assuming you are not using SSL).

In addition to that, they're susceptible to the usual problems that any password-based system suffers from.

Using HTTP Basic Authentication does not grant any extra ability for users to upload and execute files. If they can do this already, they can continue to do so. If they could not, they still cannot.

Using .htaccess is common and it is fairly secure. However, it leaves you more vulnerable to other attacks, such as remote file disclosure vulnerabilities. For example, the following code could be used to undermine .htaccess.


An exploit would look like this:

This causes the contents of .htaccess to be displayed to the attacker.
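
A server-side check against the file disclosure risk described in the last answer, as an added example that is not part of the original thread. It assumes a script that serves files from one directory by user-supplied name; `resolve_download`, `UnsafePath` and the directory layout are hypothetical, and the sample files are constructed.

```python
import os
import tempfile


class UnsafePath(Exception):
    """Raised when a requested name must not be served."""


def resolve_download(base_dir, requested):
    """Return the real path of `requested` inside base_dir, or raise UnsafePath."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before the check.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath("outside document directory")
    # Refuse Apache control files (.htaccess, .htpasswd) and any other
    # dot-file or dot-directory in the resolved path below base.
    rel = os.path.relpath(target, base)
    if any(part.startswith(".") for part in rel.split(os.sep)):
        raise UnsafePath("dot-file or dot-directory")
    if not os.path.isfile(target):
        raise UnsafePath("not a regular file")
    return target


def demo():
    """Build a constructed directory tree and report the verdict per request."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        for name in ("report.txt", ".htaccess"):
            with open(os.path.join(docs, name), "w") as fh:
                fh.write("constructed sample\n")
        with open(os.path.join(root, ".htpasswd"), "w") as fh:
            fh.write("constructed sample\n")
        requests = ("report.txt", ".htaccess", "../.htpasswd",
                    "./report.txt", "missing.txt")
        for req in requests:
            try:
                resolve_download(docs, req)
                results[req] = "served"
            except UnsafePath as exc:
                results[req] = "refused: " + str(exc)
    return results


if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{request!r:18} {verdict}")
```

The check runs on the resolved path rather than the raw string, so a name that normalises to a control file or to a location outside the served directory is refused even when the raw request does not look like one.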