Full Disclosure mailing list archives
Re: htaccess files should not be used for security restrictions
From: Jason Hellenthal <jhellenthal () dataix net>
Date: Wed, 8 Aug 2012 13:28:40 -0400
Thank you for the article. All in all, I find it to be more centric to the design of the software, or be it in this case PHP apps, and not, as the subject suggests, ".htaccess" files.

There are way too many "get-rich-quick" upcoming PHP scripters out there that are not aware or even nearly knowledgeable about the configuration of one webserver more or less the multiple mainstream systems that are out there. Not to mention the drop-in web services that require nearly no knowledge of what you're doing that are unmanaged.

But all that set aside, and no matter what the deployed application is, it is worthwhile to make an attempt to educate them on the possible drawbacks of not performing certain tasks after installation. Too bad there is no "Sensitive Information Section" in readme files and other documentation that lists files a user/admin needs to make a judgement on.

Anyway... informative article and thank you again.

On Wed, Aug 08, 2012 at 04:59:56PM +0300, Bogdan Calin wrote:
> Hi guys,
>
> I wrote a blog post about security issues related with htaccess files.
> http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/
>
> --
> Bogdan Calin - bogdan [at] acunetix.com
> CTO
> Acunetix Ltd. - http://www.acunetix.com
> Acunetix Web Security Blog - http://www.acunetix.com/blog
> Follow us on Twitter - http://www.twitter.com/acunetix
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
 - (2^(N-1)) JJH48-ARIN
Current thread:
- htaccess files should not be used for security restrictions Bogdan Calin (Aug 08)
- Re: htaccess files should not be used for security restrictions Jason Hellenthal (Aug 09)