Community Forums
Connect with us on LinkedIn
Community Notice
AllowOverride Risk Factor
  

View Poll Results: AllowOverride risk factor

Voters
7. You may not vote on this poll

  • Risk factor high, allows .htaccess over ride

    3 42.86%

  • Risk factor low , doesnt seem to matter to much to most hosters

    2 28.57%

  • Risk factor none ; no problem with that at all

    2 28.57%

  • Risk ? Who cares

    0 0%
+ Reply to Thread
Results 1 to 3 of 3
  1. 03-21-2006 03:00 AM #1
    gorilla
    gorilla is offline
    cPanel Partner NOC cPanel Partner NOC Badge gorilla's Avatar
    Join Date
    Feb 2004
    Location
    Sydney / Australia
    Posts
    732

    Default AllowOverride Risk Factor

    Whats the general consent regarding AllowOverride ?
    As one of the scripter from fantastico tryes to tell me that "AllowOverride ALL" in httpd.conf is not a security risk .
    Last edited by gorilla; 03-21-2006 at 03:05 AM.
    Regards
    WiredGorilla
    Australian Dedicated Servers | Web Hosting | WiredGorilla.com
    Reply With Quote Reply With Quote
  2. 03-21-2006 09:40 AM #2
    gorilla
    gorilla is offline
    cPanel Partner NOC cPanel Partner NOC Badge gorilla's Avatar
    Join Date
    Feb 2004
    Location
    Sydney / Australia
    Posts
    732

    Default

    or am i just beeing simply paranoid ?
    Regards
    WiredGorilla
    Australian Dedicated Servers | Web Hosting | WiredGorilla.com
    Reply With Quote Reply With Quote
  3. 03-22-2006 11:30 AM #3
    chirpy
    chirpy is offline
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    It's a security risk if it allows end-users to do things you don't want them to as part of your security model. Best practice is to allow only what you want to happen, rather than leaving the door open and inviting burgulars in. There's some interesting thoughts about AllowOverride here:
    http://www.onlamp.com/pub/a/apache/2...pacheckbk.html
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
    Reply With Quote Reply With Quote
«   Cpanel for Subdomains | Add a secondary DNS non cpanel »     
Similar Threads & Tags
Similar threads

  1. Where to set AllowOverride All for .htacess?
    By devGOD in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 07-25-2011, 06:36 PM
  2. Two-factor authentication for admins
    By nowen in forum Security
    Replies: 0
    Last Post: 07-10-2009, 12:28 PM
  3. AllowOverride: how and where?
    By edenent in forum Database Discussions
    Replies: 5
    Last Post: 07-03-2009, 10:29 PM
  4. AllowOverride None changes back to All for <Directory />
    By micron in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 05-18-2006, 02:43 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube