"Richard Lynch" <ceo@xxxxxxxxx> wrote in message
news:2918.67.184.122.32.1165189075.squirrel@xxxxxxxxxxxxxxxx
> On Sun, December 3, 2006 5:22 am, Tony Marston wrote:
>>
>> "Richard Lynch" <ceo@xxxxxxxxx> wrote in message
>> news:63703.209.254.223.2.1165095595.squirrel@xxxxxxxxxxxxxxxx
>>> On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
>>> I think it is quite possible for a sysAdmin to configure
>>> AllowOverride and .htaccess in such a way that "too much"
>>> latitude is granted to their clients to access each others'
>>> data...
>>
>> I disagree. What directives can give you access to other people's
>> data?
>
> I believe I once managed to track down a bit of data using
> FollowSymlink for a client that wasn't available otherwise.
>
> In our case, it was data they actually had a legal/moral right to see,
> but technical snafus were in the way.
>
> Presumably all the other combinations of AllowOverride are not there
> just for the sheer fun of complexity by the Apache team.
>
> I'm betting that at least some of them have security trade-offs in
> mind, and are not just about random features nor performance.
>
>>> And there is alleged to be a significant performance loss to
>>> .htaccess, so a hurried sysAdmin may have over-simplified their
>>> decision process...
>>
>> "Alleged" is the word. Where are the figures to support this? While
>> there is "some" performance loss, with the speed of today's PCs can
>> this really be considered as "significant"?
>
> I don't have benchmarks.
>
> Do you?

No, otherwise I would have quoted them. Generally speaking when people say
that "X is inefficient or bad for performance" all they can prove is that if
something extra is done then it takes extra processing time to perform that
extra work, and they usually quote from an out-of-date source. While the time
taken for Apache to process an htaccess file may have been significant on a
1MHz processor it is barely noticeable on a 3GHz processor.

If the time taken to process an htaccess file on one of today's processors
adds 0.000001 seconds to a page's load time, would that be regarded as
"significant"? Would this be a small price to pay for the advantage of being
able to change Apache's configuration with an htaccess file?

--
Tony Marston
http://www.tonymarston.net
http://www.radicore.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
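
The AllowOverride concern raised in the quoted text above, as an added example that is not part of the original thread: a Python check that lists the `<Directory>` blocks whose AllowOverride value would let a client's .htaccess turn on FollowSymLinks. The sample configuration and the function names are constructed for illustration, and only non-nested `<Directory>` sections in a single file are handled.

```python
import re

# Constructed sample httpd.conf fragment for a shared host (not from the thread).
SAMPLE_CONF = """
<Directory "/home/alice/public_html">
    AllowOverride All
</Directory>
<Directory "/home/bob/public_html">
    AllowOverride AuthConfig Options=Indexes,SymLinksIfOwnerMatch
</Directory>
<Directory "/home/carol/public_html">
    AllowOverride FileInfo Options
</Directory>
<Directory "/srv/static">
    AllowOverride None
</Directory>
"""

def htaccess_can_enable_followsymlinks(allow_override):
    """True if this AllowOverride value lets .htaccess set Options FollowSymLinks."""
    for token in allow_override.split():
        name, _, allowed = token.partition("=")
        name = name.lower()
        if name == "all":
            return True
        if name == "options":
            # Bare "Options" permits every option; "Options=a,b" only those listed.
            opts = {o.lower() for o in allowed.split(",") if o}
            if not opts or opts & {"followsymlinks", "all"}:
                return True
    return False

def audit(conf_text):
    """Return (directory, AllowOverride value) pairs that need review."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).strip()
        elif line.lower().startswith("</directory"):
            current = None
        elif current and line.lower().startswith("allowoverride "):
            value = line.split(None, 1)[1]
            if htaccess_can_enable_followsymlinks(value):
                findings.append((current, value))
    return findings
```

On the constructed sample, `audit(SAMPLE_CONF)` reports the alice and carol directories and passes the other two.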