Quote:
|
I was told that moving the password files above the HTML level should fix it
|
the same thing crossed my mind, but i cant see what difference that would make... i mean, if the script itself is writing the password-pairs into the .htpasswd, then it won't matter where you move it to, the script will still know where it is regardless. this isn't a vulnerability of the .htpasswd file, it is the script itself allowing these pairs to be written in..