httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Carless <gcarl...@manh.com>
Subject RE: Auth*UserFile path ?
Date Fri, 10 May 2002 16:12:09 GMT
> I forgot to mention this - i think telling users the path is very bad
idea.
> They should not know and need it. The path can change even.

Security through obscurity is rarely worth pursuing.  If you're allowing the
users to do anything like PHP or CGI -- really, anything beyond just serving
regular html files -- then they will be able to find a means of determining
the path to their files.  The fact that the path can change may lead to some
maintenance issues - but then arbitrarily moving directories around isn't
often a good idea anyhow.

Just sticking my oar in..
--George

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message