httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Zaunere <>
Subject Re: What am I missing? (subversive vhosts)
Date Thu, 22 Aug 2002 16:59:43 GMT

> In general, allowing someone to edit httpd.conf is the same as giving
> them root access to your server.  (That is not a metaphore; it is
> fairly 
> easy to gain root if you control the configuration of a daemon that
> runs 
> as root.)  Don't do it unless you trust them.

So how does one generally allow users to Order/Allow/Deny their own
directories?  Write a webbased script that carefully filters input? 
That's about the most secure way I can think of.  And, I had hoped to
be able to give users as much freedom as possible.  What is the
generally excepted and/or bleeding-edge point of what config changes
should be allowed?


Do You Yahoo!?
HotJobs - Search Thousands of New Jobs

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message