The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AllowOverride Risk Factor

Discussion in 'General Discussion' started by gorilla, Mar 21, 2006.

?

AllowOverride risk factor

  1. Risk factor high, allows .htaccess over ride

    3 vote(s)
    42.9%
  2. Risk factor low , doesnt seem to matter to much to most hosters

    2 vote(s)
    28.6%
  3. Risk factor none ; no problem with that at all

    2 vote(s)
    28.6%
  4. Risk ? Who cares :)

    0 vote(s)
    0.0%
  1. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    Whats the general consent regarding AllowOverride ?
    As one of the scripter from fantastico tryes to tell me that "AllowOverride ALL" in httpd.conf is not a security risk .
     
    #1 gorilla, Mar 21, 2006
    Last edited: Mar 21, 2006
  2. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    or am i just beeing simply paranoid ? :rolleyes:
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's a security risk if it allows end-users to do things you don't want them to as part of your security model. Best practice is to allow only what you want to happen, rather than leaving the door open and inviting burgulars in. There's some interesting thoughts about AllowOverride here:
    http://www.onlamp.com/pub/a/apache/2003/12/04/apacheckbk.html
     
Loading...

Share This Page