Re: AllowOverride: Pros and Cons

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Scott, 

That helps. Thanks.

James

On Thu, Jul 8, 2010 at 2:40 PM, Scott Gifford <sgifford@xxxxxxxxxxxxxxxx> wrote:
On Thu, Jul 8, 2010 at 2:28 AM, James Corteciano <james@xxxxxxxxxxxxxxxx> wrote:
[ ... ]
I am just concern about security matters that will produce if I will give the user full access on .htaccess (AllowOverride All) on their webroot?

AllowOverride All effectively allows a user who can create a .htaccess file to access any file the Web server can read, and execute any code they would like to as the Web server user.  From a security perspective it's equivalent to giving the user a shell as the Web server user.  That may or may not be consistent with your security objectives.

Hope this helps!

-----Scott.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux