Should I be using .htaccess to protect highly sensitive data?
If you decide to protect something using .htaccess, be sure to understand one thing: the protection of your data relies upon the web server configuration. This means that if the configuration changes, it might be possible for someone to retrieve your data. As a general rule, it's bad practice to place anything highly confidential or critical on a web server, period. There are numerous other options for storing and accessing sensitive data. Always remember that the web was originally designed for public access, so access control is an addition rather than part of the original design.
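The dependency on server configuration can be checked directly. The following is an added example, not part of the original answer: it assumes Apache httpd 2.4, where `AllowOverride` in the main configuration decides whether authentication directives in a .htaccess file are honored at all. The sample configurations, paths and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the original page).
BEFORE = """
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/private">
    AllowOverride AuthConfig
</Directory>
"""
# Same server after a hypothetical cleanup removed the per-directory block.
AFTER = """
<Directory "/var/www">
    AllowOverride None
</Directory>
"""

def effective_allowoverride(conf, path):
    """Return the AllowOverride tokens that apply to `path`.

    Simplified model: plain (non-regex, non-wildcard) <Directory> blocks
    only, the longest matching directory wins, and the default is None
    as in Apache 2.4.
    """
    best_len, tokens = -1, ["none"]
    pattern = r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>'
    for m in re.finditer(pattern, conf, re.S | re.I):
        base, body = m.group(1).rstrip("/"), m.group(2)
        if not (path == base or path.startswith(base + "/")):
            continue
        d = re.search(r"^\s*AllowOverride\s+(.+)$", body, re.M | re.I)
        if d and len(base) > best_len:
            best_len, tokens = len(base), d.group(1).lower().split()
    return tokens

def htaccess_auth_honored(conf, path):
    """True if AuthType/Require lines in path/.htaccess would be applied."""
    tokens = effective_allowoverride(conf, path)
    return "all" in tokens or "authconfig" in tokens

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        ok = htaccess_auth_honored(conf, "/var/www/private")
        print(f"{name}: .htaccess auth honored = {ok}")
```

In the second configuration the .htaccess file is still on disk and unchanged, yet the server no longer reads its authentication directives, so the directory is served without a password prompt.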