On Sat, 2011-11-19 at 01:46 +0200, Graham Leggett wrote:
> On 19 Nov 2011, at 12:38 AM, William A. Rowe Jr. wrote:
>
> > After several prods, it seems the security@ and hackathon participants
> > can't be drawn out of their shells on to dev@. So I'll simply call for
> > a majority vote on the following statement...
> >
> > Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;
> >
> > [X] Represents a security defect
> > [ ] Is not a security defect
>
> The config is clearly demarcated into two types, a "trusted" config
> loaded at startup time rooted at /etc/httpd (or wherever), and a
> limited "untrusted" config placed into .htaccess files within the
> content and loaded at runtime. If we were to declare .htaccess as
> containing "trusted" content only, most of the point behind .htaccess
> is lost. The trusted admin simply needs to merge .htaccess into the
> main config, and he gains load-on-startup and copy-on-write, there is
> little point in one common administrator scattering their config in
> two separate places or mechanisms.
>
> The people given the power to change both .htaccess and content are
> typically customers of a hosting company, or employees at a corporate,
> and admins are generally not comfortable exposing themselves to
> avoidable risk from either group. That said, I do concede that these
> two groups are more trusted than the typical end user who might access
> a site, but I still believe we should fix .htaccess problems as
> reported where it is practical to do so to bring the risk as low as is
> practical.
>
Agree completely with Graham