.htaccess security
Are .htaccess files secure?

I don't want users to be able to use <Perl>...</Perl> sections or any other mod_perl constructs (setting scripts to run via the Registry, for example) in .htaccess files. However, I need .htaccess files turned on so users can password protect directories site-wide (so I can't shut .htaccess files off completely.)

Is there any need to worry? I can't have users writing any code that will be executed by the primary httpd process ... all user CGI execution is done via mod_cgi and SuEXEC.

Thanks,
-Rob Giseburt

Random Quote: "When the chips are down, the buffalo is empty." (author unknown)
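One way to audit user .htaccess files for the mod_perl constructs the question is concerned about, as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration, and the script only reports what a file contains; it makes no claim about which directives a given Apache configuration will accept.

```python
import re

# Names treated as mod_perl constructs: any directive starting with "Perl",
# a <Perl> section, or SetHandler/AddHandler pointing at perl-script.
PERL_DIRECTIVE = re.compile(r"^Perl\w*$", re.IGNORECASE)
PERL_SECTION = re.compile(r"^<\s*Perl\b", re.IGNORECASE)
HANDLER_DIRECTIVES = {"sethandler", "addhandler"}

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def find_perl_constructs(text):
    """Return [(line_number, reason)] for each mod_perl construct in text."""
    hits = []
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if PERL_SECTION.match(line):
            hits.append((n, "perl section"))
        elif PERL_DIRECTIVE.match(words[0]):
            hits.append((n, "perl directive: " + words[0]))
        elif words[0].lower() in HANDLER_DIRECTIVES and any(
                w.strip('"').lower() == "perl-script" for w in words[1:]):
            hits.append((n, "perl-script handler"))
    return hits

# Constructed sample .htaccess (not from the thread).
SAMPLE = """\
AuthType Basic
AuthName "Members"
require valid-user
<Files *.pl>
SetHandler perl-script
PerlHandler Apache::Registry
</Files>
"""

if __name__ == "__main__":
    for n, reason in find_perl_constructs(SAMPLE):
        print(f"line {n}: {reason}")
```

Run periodically over each user's document tree, this reports the file and line to review while leaving password-protection directives alone.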
Re: .htaccess security
On 8/3/2000 9:54 AM, Erich L. Markert at [EMAIL PROTECTED] wrote:

> Damn good question... I know the default apache config has a rule that prevents .htaccess files from being accessed via a URL but not from within an embedded.
>
> One way around this would be to use a database to handle accounts and use Apache::AuthDBI and then place directory access restrictions in your httpd.conf

I'd like to avoid that approach if at all possible. I want the users to have a 'standard apache interface' experience ... where the way to add/remove passwords to a directory is via .htaccess. But, a web-interface to directory access might look better...

One extra question: Can I turn on mod_perl SSI and have normal SSI calls at the same time? In other words, can I have one page (file.pshtml maybe) parsed by perl-extended SSI and another (file.shtml) be parsed by normal (without perl, mod_ssi?) SSI?

-Rob Giseburt

Random Quote: "Change is inevitable, except from a vending machine." (author unknown)
User directive
I want to modify the User configuration directive in a perl handler ... for example in a PerlTransHandler. I'm trying to use mod_perl to implement Named Virtual Hosting, and I have everything I need done except User and Group mapping so that SuEXEC will pick up the correct user and group to setuid the non-mod_perl CGI execution to.

I cannot find what variable to change. I know that in a <Perl>...</Perl> section it's simply $User, but in a PerlTransHandler context it seems you can only view it via $r->server->uid. Any suggestions?

Thanks,
-Rob Giseburt

Random Quote: "He who laughs last, thinks slowest." (author unknown)