Hi,
I’m creating a dashboard that I want to put live on Heroku and I want the end user to have to log in.
I want to ensure that the username and password details are being stored securely when the dashboard is live. The documentation on authentication (Basic Auth) simply says “# Keep this out of source code repository - save in a file or a database” but doesn’t really give any detail on how this is done.
I’ve read the linked article on HTTP authentication so I’m assuming I put the credentials in a .htpasswd file and then reference this file with a .htaccess file.
My questions are:
- Is this the right way to safely store login credentials for Dash applications?
- If it is then do I just store the .ht files in the app folder?
It seems a bit strange that I should supply the path to the .htpasswd file from the .htaccess file if they’re both in the same folder, but I’m not from a developer background so I don’t know if this is standard procedure or not.
Any help would be appreciated.
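
An added example, not part of the original post and not Dash or dash-auth code: it applies the idea behind a .htpasswd file (store a salted hash per user, never the password) to a Python app, reading the records from an environment variable, which is how Heroku exposes config vars to a running app. The variable name `DASH_AUTH_USERS` and the `user:salt:hash` record format are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ENV_VAR = "DASH_AUTH_USERS"  # hypothetical config var name (assumption)
ITERATIONS = 600_000         # PBKDF2 work factor


def hash_password(password: str, salt: bytes) -> str:
    """Derive a PBKDF2-HMAC-SHA256 hash; only this value is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def make_record(username: str, password: str) -> str:
    """Build one 'user:salt:hash' record; run offline when adding a user."""
    if not username or ":" in username or ";" in username:
        raise ValueError("username must be non-empty without ':' or ';'")
    salt = os.urandom(16)
    return f"{username}:{salt.hex()}:{hash_password(password, salt)}"


def load_users(environ=os.environ) -> dict:
    """Parse ';'-separated records from the environment; fail closed if absent."""
    users = {}
    for record in filter(None, (r.strip() for r in environ.get(ENV_VAR, "").split(";"))):
        parts = record.split(":")
        if len(parts) != 3 or not parts[0]:
            raise ValueError("malformed credential record")
        users[parts[0]] = (bytes.fromhex(parts[1]), parts[2])
    if not users:
        raise RuntimeError(f"{ENV_VAR} is empty; refusing to start without users")
    return users


def verify(users: dict, username: str, password: str) -> bool:
    """Check a submitted password; unknown users still cost one hash."""
    salt, expected = users.get(username, (b"\x00" * 16, ""))
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected) and username in users


if __name__ == "__main__":
    # Constructed sample values; a real record is generated once and then
    # stored as the config var, so no password reaches the repository.
    record = make_record("alice", "constructed-sample-password")
    users = load_users({ENV_VAR: record})
    print(verify(users, "alice", "constructed-sample-password"))
    print(verify(users, "alice", "wrong-password"))
```
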