httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Zaunere <zaun...@yahoo.com>
Subject Re: What am I missing? (subversive vhosts)
Date Thu, 22 Aug 2002 16:59:43 GMT

> In general, allowing someone to edit httpd.conf is the same as giving
> 
> them root access to your server.  (That is not a metaphore; it is
> fairly 
> easy to gain root if you control the configuration of a daemon that
> runs 
> as root.)  Don't do it unless you trust them.

So how does one generally allow users to Order/Allow/Deny their own
directories?  Write a webbased script that carefully filters input? 
That's about the most secure way I can think of.  And, I had hoped to
be able to give users as much freedom as possible.  What is the
generally excepted and/or bleeding-edge point of what config changes
should be allowed?

Hans



__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message