I'm developing a PHP based web application which requires simple authentication to make use of. The applying is built to be placed on an internet server and used simply be who owns the website hosting/server, so there are only one user and password. I believed there is no reason in developing a complicated login system. I'd just produce a GUI to create .htaccess and .htpasswd files to make use of Apache's authentication. The concept behind it had been it was designed to simple, yet it's turning out to be much more of employment than I anticipated. I recognized I must put the .htpasswd file somewhere secure, meaning not inside a web accessible directory. However , web servers frequently have different filesystems and permissions, so how can i put it where it will likely be safe? I could produce a directory with "740" permissions, that ought to be secure, from what I will tell. However, this really is bothersome. The applying should be restricted to one folder, and when necessary a stray .htpasswd file. I would like to put the .htpasswd within the application folder, however i believe that's difficult if it's guaranteed through the .htaccess file, after i attempted it appeared to result in server errors. If anybody has a strategy to that or perhaps a better spot to place the .htpasswd file it might be greatly appreciated!

Automatically apache ought to be set up to not serve any .ht* files with this rule:

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

So it ought to be secure to put this file wherever you would like.

If you're experiencing server errors look for mod_auth if it's put together/enabled in apache installation and when your virtual host/webroot has AllowOverride AuthConfig