On Sep 30, 2011 11:43 AM, "John R Pierce" <pierce@xxxxxxxxxxxx> wrote:
>
> On 09/30/11 9:26 AM, Trey Dockendorf wrote:
> > However they also
> > want to have the CMS write to the .htaccess files to dynamically control
> > which users can access the dowloads portion of the sites. That Im
strongly
> > against.
>
> CMS systems almost always use their own authentication and downloading
> mechanisms, they don't rely on .htaccess for anything other than
> possibily configuring whatever specific apache settings they need
> (cgi-bin, etc)
>
> --
> john r pierce N 37, W 122
> santa cruz ca mid-left coast
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
I agree, unfortunately my role is the sysadmin for this project, not the
developer. Im running dozens of instances using Drupal, Wordpress and
Mediawiki all very successfully and securely without ever having to think
about these types of security measures. Once I get through the red tape of
being allowed to pen test my own servers, then I'll have a better idea how
well I've done.
- Trey
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
