[HCoop-Discuss] Domtool & .htaccess files
Adam Chlipala
adamc at hcoop.net
Sat May 9 18:47:48 EDT 2009
Philip Neustrom wrote:
> How are these providers allowing people to use .htacess files in this
> fashion? Is there a security concern here? If so, what could we do
> to mediate it? How do these providers deal with it?
>
The reason we don't support .htaccess configuration is that no admin has
yet volunteered to take the time to figure out how to set it up
securely. With Apache's default .htaccess settings, it's easy for any
user to break Apache 100% for everyone. For instance, you can set up a
proxy rule from the local server to itself, which quickly occupies every
Apache worker process when someone hits the site in question, and there
are probably other ways.
It's unlikely that anyone will take the time to address your concern
until we resolve the staffing situation that's being discussed in
another thread on this list.
More information about the HCoop-Discuss
mailing list