WebApp Sec mailing list archives
RE: htaccess with apache
From: Tim Greer <chatmaster () charter net>
Date: 05 Nov 2003 10:49:46 -0800
On Wed, 2003-11-05 at 10:36, MTeixeira () njtransit com wrote:
I agree with Antonio. Just because the default is to allow it, it doesn't mean it should be left alone. Unfortunately, it's the case with many other issues where the default isn't good enough.
No one said that default is best. However, it's trivial at best and you shouldn't have every user on the system use the same user/group for CGI (and/or PHP) anyway. Provided you deny users from being able to do anything on a secured system anyway, this is trivial to try and a moot point. -- Tim Greer <chatmaster () charter net>
Current thread:
- Re: htaccess with apache, (continued)
- Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Vladimir Danilyuk (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Peter Conrad (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache Cameron Green (Nov 04)
- RE: htaccess with apache Anonymous Sender (Nov 04)
- RE: htaccess with apache Maxim Kostioukov (Nov 04)
- RE: htaccess with apache MTeixeira (Nov 05)
- RE: htaccess with apache Tim Greer (Nov 05)
- RE: htaccess with apache Dinis Cruz (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 11)