httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Corteciano <ja...@linux-source.org>
Subject Re: [users@httpd] AllowOverride: Pros and Cons
Date Thu, 08 Jul 2010 06:56:35 GMT
Hi Scott,

That helps. Thanks.

James

On Thu, Jul 8, 2010 at 2:40 PM, Scott Gifford <sgifford@suspectclass.com>wrote:

> On Thu, Jul 8, 2010 at 2:28 AM, James Corteciano <james@linux-source.org>wrote:
> [ ... ]
>
>> I am just concern about security matters that will produce if I will give
>> the user full access on .htaccess (AllowOverride All) on their webroot?
>>
>
> AllowOverride All effectively allows a user who can create a .htaccess file
> to access any file the Web server can read, and execute any code they would
> like to as the Web server user.  From a security perspective it's equivalent
> to giving the user a shell as the Web server user.  That may or may not be
> consistent with your security objectives.
>
> Hope this helps!
>
> -----Scott.
>
>

Mime
View raw message