WebApp Sec mailing list archives

RE: htaccess with apache

From: Tim Greer <chatmaster () charter net>
Date: 05 Nov 2003 10:49:46 -0800

On Wed, 2003-11-05 at 10:36, MTeixeira () njtransit com wrote:

I agree with Antonio.  Just because the default is to allow it, it doesn't mean it should be left alone.
 Unfortunately, it's the case with many other issues where the default isn't good enough.


No one said that default is best.  However, it's trivial at best and you
shouldn't have every user on the system use the same user/group for CGI
(and/or PHP) anyway.  Provided you deny users from being able to do
anything on a secured system anyway, this is trivial to try and a moot
point.
-- 
Tim Greer <chatmaster () charter net>

Current thread:

Re: htaccess with apache, (continued)
- - - Re: htaccess with apache Tim Greer (Nov 11)
    - Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Vladimir Danilyuk (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Peter Conrad (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache Cameron Green (Nov 04)
- RE: htaccess with apache Anonymous Sender (Nov 04)
- RE: htaccess with apache Maxim Kostioukov (Nov 04)
- RE: htaccess with apache MTeixeira (Nov 05)
  - RE: htaccess with apache Tim Greer (Nov 05)
  - RE: htaccess with apache Dinis Cruz (Nov 11)
    - RE: htaccess with apache Tim Greer (Nov 11)