Segregate Public and Private Data
Don't store sensitive or private data on the same machines as the public web servers. This is especially true for highly sensitive data such as credit card information. For less sensitive data, store it outside the public root, in a location that is not web-accessible. For example, if the path to your public, web-accessible directory is /home/client/public_html, store passwords one level above it, in the /home/client/ directory. This is not foolproof by any means, but it is still a good security measure. Also avoid common names for directories and files. For example, store passwords as /home/client/pazzes/.htpwords instead of /home/client/passwords/.htpasswd (.htpasswd is too commonly used as a password file name).
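The following check is an added example, not part of the original page: it verifies that a password file really resolves to a location outside the public root, and lists credential files (or symlinks to them) that ended up inside it. The function names, the SENSITIVE_NAMES list and the temporary directory tree are assumptions constructed for the demo; the layout mirrors the /home/client example above.

```python
import os
import tempfile
from pathlib import Path

# Assumed list of credential file names to look for; extend it for your site.
SENSITIVE_NAMES = {".htpasswd", ".htpwords"}


def is_outside_webroot(secret_path, webroot):
    """True if secret_path, after resolving symlinks and '..', is not under webroot."""
    secret = Path(secret_path).resolve()
    root = Path(webroot).resolve()
    return root != secret and root not in secret.parents


def find_exposed(webroot, names=SENSITIVE_NAMES):
    """List files under webroot whose own name, or symlink target's name, is sensitive."""
    exposed = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = Path(dirpath) / name
            # A harmless-looking link inside the web root can still serve the secret.
            if name in names or full.resolve().name in names:
                exposed.append(full.relative_to(webroot).as_posix())
    return sorted(exposed)


def build_demo(base):
    """Create a constructed tree: client/public_html (web root) and client/pazzes."""
    client = Path(base) / "client"
    webroot = client / "public_html"
    private = client / "pazzes"
    (webroot / "admin").mkdir(parents=True)
    private.mkdir()
    (webroot / "index.html").write_text("<h1>hello</h1>")
    good = private / ".htpwords"                 # stored above the web root
    good.write_text("alice:constructed-hash\n")
    bad = webroot / "admin" / ".htpasswd"        # stored inside the web root
    bad.write_text("alice:constructed-hash\n")
    (webroot / "backup.txt").symlink_to(good)    # link that re-exposes the file
    return webroot, good, bad


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        webroot, good, bad = build_demo(tmp)
        for path in (good, bad):
            print(path.name, "outside web root:", is_outside_webroot(path, webroot))
        print("exposed inside web root:", find_exposed(webroot))
```

The name-based scan only finds files whose names are in the list, so the path check on the configured password file is the more reliable of the two.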
Last Revised: 2015-09-12 13:16:00