On Sun, December 3, 2006 5:22 am, Tony Marston wrote: > > ""Richard Lynch"" <ceo@xxxxxxxxx> wrote in message > news:63703.209.254.223.2.1165095595.squirrel@xxxxxxxxxxxxxxxx >> On Sat, December 2, 2006 5:31 am, Tony Marston wrote: >> I think it is quite possible for a sysAdmin to configure >> AllowOverride >> and .htaccess in such a way that "too much" latitude is granted to >> their clients to access each others' data... > > I disagree. What directives can give you access to other people's > data? I believe I once managed to track down a bit of data using FollowSymlink for a client that wasn't available otherwise. In our case, it was data they actually had a legal/moral right to see, but technical snafus were in the way. Presumably all the other combinations of AllowOverride are not there just for the sheer fun of complexity by the Apache team. I'm betting that at least some of them have security trade-offs in mind, and are not just about random features nor performance. >> And there is alleged to be a significant performance loss to >> .htaccess, so a hurried sysAdmin may have over-simplified their >> decision process... > > "Alleged" is the word. Where are the figures to support this? While > there is > "some" performance loss, with the speed of today;'s PCs can this > really be > considered as "significant"? I don't have benchmarks. Do you? -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php