[HCoop-Discuss] Domtool & .htaccess files
Philip Neustrom
philipn at gmail.com
Sat May 9 19:11:14 EDT 2009
Even something ghetto would be okay for most every use case. I think
we could set some sane options in AllowOverride -- even just allowing
people set set directories and serve static / PHP would allow people
to do things like install wordpress really easily.
-philip
On Sat, May 9, 2009 at 3:47 PM, Adam Chlipala <adamc at hcoop.net> wrote:
> Philip Neustrom wrote:
>> How are these providers allowing people to use .htacess files in this
>> fashion? Is there a security concern here? If so, what could we do
>> to mediate it? How do these providers deal with it?
>>
>
> The reason we don't support .htaccess configuration is that no admin has
> yet volunteered to take the time to figure out how to set it up
> securely. With Apache's default .htaccess settings, it's easy for any
> user to break Apache 100% for everyone. For instance, you can set up a
> proxy rule from the local server to itself, which quickly occupies every
> Apache worker process when someone hits the site in question, and there
> are probably other ways.
>
> It's unlikely that anyone will take the time to address your concern
> until we resolve the staffing situation that's being discussed in
> another thread on this list.
>
> _______________________________________________
> HCoop-Discuss mailing list
> HCoop-Discuss at lists.hcoop.net
> https://lists.hcoop.net/listinfo/hcoop-discuss
>
More information about the HCoop-Discuss
mailing list