Re: AllowOverride: Pros and Cons

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: AllowOverride: Pros and Cons
From: Scott Gifford <sgifford@xxxxxxxxxxxxxxxx>
Date: Thu, 8 Jul 2010 02:40:40 -0400
In-reply-to: <AANLkTin6Oy4N9GLSlv5pIVIS2c4j6l2IIcVBwghsQpTK@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

On Thu, Jul 8, 2010 at 2:28 AM, James Corteciano <james@xxxxxxxxxxxxxxxx> wrote:

[ ... ]

I am just concern about security matters that will produce if I will give the user full access on .htaccess (AllowOverride All) on their webroot?

AllowOverride All effectively allows a user who can create a .htaccess file to access any file the Web server can read, and execute any code they would like to as the Web server user. From a security perspective it's equivalent to giving the user a shell as the Web server user. That may or may not be consistent with your security objectives.

Hope this helps!

-----Scott.

Follow-Ups:
- Re: AllowOverride: Pros and Cons
  - From: James Corteciano

References:
- AllowOverride: Pros and Cons
  - From: James Corteciano

Prev by Date: AllowOverride: Pros and Cons
Next by Date: Re: AllowOverride: Pros and Cons
Previous by thread: AllowOverride: Pros and Cons
Next by thread: Re: AllowOverride: Pros and Cons
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]