Protecting password files stored in the CMS


With the release of Page Safe 1.4.0, Joe has allowed you to use Total CMS to set the passcodes. When you manage passcodes with Total CMS, they are stored in a plain text file inside the CMS. This text file is not listed anywhere and is not easily discoverable, but it is still in a vulnerable spot. You can lock down this file so that it is not accessible via the web with an .htaccess rule. If you already have an .htaccess file on your server, then add this code to it:

<Files pagesafe.cms>
order allow,deny
deny from all
</Files>

If you do not already have an .htaccess file, it is very easy to make. Just use TextEdit, add that code to the file and save it as htaccess (do not add the period before the word or the file will become invisible). Copy that file to the main directory on your server. Once it is there, add the period before the name and you will be good to go.
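
The same steps as a script, for a server you can reach with a shell (an added example, not Page Safe or Total CMS code). It writes a version-guarded form of the rule, because `Order`/`Deny` are Apache 2.2 directives that Apache 2.4 accepts only with mod_access_compat loaded; the site directory and the URL of pagesafe.cms are arguments because the page does not give them.

```shell
#!/bin/sh
# Added example: install the pagesafe.cms deny rule once, then check it over HTTP.

# The rule: "Require" on Apache 2.4, the page's Order/Deny form on Apache 2.2.
pagesafe_rule() {
cat <<'EOF'
<Files "pagesafe.cms">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>
EOF
}

# has_pagesafe_rule FILE: true if FILE already has a <Files> block for pagesafe.cms.
has_pagesafe_rule() {
    [ -f "$1" ] && grep -Eqi '^[[:space:]]*<Files[[:space:]]+"?pagesafe\.cms"?[[:space:]]*>' "$1"
}

# ensure_pagesafe_rule DIR: create or extend DIR/.htaccess and print what was done.
ensure_pagesafe_rule() {
    htaccess="$1/.htaccess"
    if has_pagesafe_rule "$htaccess"; then
        echo "unchanged"; return 0
    fi
    if [ -f "$htaccess" ]; then
        action="appended"
        cp -p "$htaccess" "$htaccess.bak"      # keep the rules that were there
        # end the existing file with a newline so the block starts on its own line
        [ -z "$(tail -c 1 "$htaccess")" ] || echo >> "$htaccess"
    else
        action="created"
    fi
    pagesafe_rule >> "$htaccess"
    echo "$action"
}

# is_blocked URL: true if the server answers 403 Forbidden for URL.
is_blocked() {
    [ "$(curl -s -o /dev/null -w '%{http_code}' "$1")" = "403" ]
}

# Usage: sh protect-pagesafe.sh SITE_DIR [URL_OF_PAGESAFE_CMS]
if [ "$#" -ge 1 ]; then
    ensure_pagesafe_rule "$1"
    [ -z "${2:-}" ] || { is_blocked "$2" && echo "blocked" || echo "STILL REACHABLE: $2"; }
fi
```

Running it a second time prints "unchanged", so it is safe to re-run after a site update that replaces other files.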

Now go forth and make your websites great!