httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: What am I missing? (subversive vhosts)
Date Thu, 22 Aug 2002 16:15:05 GMT
Hans Zaunere wrote:
> <Directory /www/me/protected>
>   Order deny,allow
> </Directory>
> 
> If this is done within their <VirtualHost>, my protected directory is
> wide open with a request to their virtual host.  And, it seems to me,
> even if I don't allow editing of their <VirtualHost> blocks, couldn't
> this also be done with .htacces?

No, this can't be done from .htaccess unless they have write permissions 
to your directory or a parent directory, or you have followsymlinks in 
your options.

In general, allowing someone to edit httpd.conf is the same as giving 
them root access to your server.  (That is not a metaphore; it is fairly 
easy to gain root if you control the configuration of a daemon that runs 
as root.)  Don't do it unless you trust them.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message