Best password / folder manager combo?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Hi there,

our company has used FrontPage in managing our website. We have lots of
folders that are uniquely protected with passwords, and FrontPage is
pretty useful in maintaining the passwords. (And in my opinion that's
the only thing it's useful for...)

Now we have to change our server to a newer one, and I was wondering if
there was some similar software that could manage the passworded
folders in a nice, orderly fashion. I wouldn't want to go and mess with
command line htaccess files, but rather to have a GUI for managing

It doesn't matter if it's Unix, Windows, php, cgi or even asp as long
as it works and is 100% secure. And it should be cheap/free. My dream
combo would be a UNIX / PHP -based solution. I haven't made a request
about our new server, so I'm all open minded :)

Thanks in advance


Re: Best password / folder manager combo?

Using a pointed stick and pebbles, scraped:

Quoted text here. Click to load it

An open mind is insecure ;)

A quick Google found this: which claims to be a
PHP-based GUI for managing htaccess. I can't seem to use the online
demonstration though as it wouldn't let me in using the "test" username

Dylan Parry -- Where the Music Progressively Rocks!

Re: Best password / folder manager combo?

Quoted text here. Click to load it

Do you need a GUI for managing the .htaccess files -or- the passwords
these .htaccess files point to?

It may not be very practical to have a GUI manage the actual .htaccess
files because they may contain custom apache directives. Probably
best doing that in an editor. (You can create 1 .htaccess file and just
copy it)

As far as the unique .htaccess, it's not real apparent at first, but
apache has a notion of 'groups'. If you're using several different
password files, you might want to consider peeking into a group based
system. (Some folks will have multiple password files to emulate a
"group based" access system. This makes it difficult to manage all
those password files)

Quoted text here. Click to load it

Who are they protected from? Is it employees clients or other?

By "security" do you mean enforced SSL? Problem with .htaccess is that the
browser sends the credentials acrosss the wire each time, it's not really
secure because someone can snoop. Digest authentication is supposed to fix
this problem, but the research I've seen indicates browser will go ahead
and send the basic authentication strings anyway ("Just in case Digest doesn't
work" I suppose.) this makes it basically useless from what I can tell.

I have a product that can manage the password / group files as well as a few
others (see my sig) but it's not for super high security. I myself wouldn't use
it (or any non-ssl program for that matter) for shell access. Good for casual,
"only let clients in" kind of applications though.

There are a lot of such programs out there with varying complexity. If you've
got control over the server, consider using an LDAP based solution, they're
fast, designed for this sort of thing, scale well and apache has support
for them. (been years since I've used them though)

I'd go with a UNIX server if I were you, a password manager shouldn't be the
deciding factor.

-- Custom web programming
guhzo_42@lnubb.pbz (rot13)                User Management Solutions

Site Timeline