cPanel Forums
|
|||||||
| View Poll Results: AllowOverride risk factor | |||
| Risk factor high, allows .htaccess over ride |
   
|
3 | 42.86% |
| Risk factor low , doesnt seem to matter to much to most hosters |
  
|
2 | 28.57% |
| Risk factor none ; no problem with that at all |
  
|
2 | 28.57% |
Risk ? Who cares 
|
  
|
0 | 0% |
| Voters: 7. You may not vote on this poll | |||
 |
|
|
LinkBack | Thread Tools | Display Modes |
03-21-2006, 03:00 AM
|
||||
|
||||
|
AllowOverride Risk Factor
Whats the general consent regarding AllowOverride ?
As one of the scripter from fantastico tryes to tell me that "AllowOverride ALL" in httpd.conf is not a security risk .
__________________
Regards WiredGorilla Australian Dedicated Servers | Web Hosting | WiredGorilla.com Last edited by gorilla; 03-21-2006 at 03:05 AM.     
|
|
03-21-2006, 09:40 AM
|
||||
|
||||
|
or am i just beeing simply paranoid ?
__________________
Regards WiredGorilla Australian Dedicated Servers | Web Hosting | WiredGorilla.com
|
|
03-22-2006, 11:30 AM
|
||||
|
||||
|
It's a security risk if it allows end-users to do things you don't want them to as part of your security model. Best practice is to allow only what you want to happen, rather than leaving the door open and inviting burgulars in. There's some interesting thoughts about AllowOverride here:
http://www.onlamp.com/pub/a/apache/2...pacheckbk.html
__________________
Jonathan Michaelson cPanel Forum Moderator Need your cPanel servers secured and tuned? cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf http://www.configserver.com
|
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT -5. The time now is 10:29 AM.
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© cPanel Inc
