Hello!
How to enable only PerlSetVar/PerlAddVar directives in .htaccess files?
More specific:
We are building an multiuser environment with mod_perl to our
campus. Mod_perl handlers contain especially PerlHandlers configured in
httpd.conf. The .htaccess files are used for authorization (require
user/group) and some tailoring (PerlSetVar/PerlAddVar) allowed for all
users at their home directories.
However, the security risks are quite obvious when .htaccess contains
directives like PerlHandler:
PerlHandler "sub {`touch /tmp/xxx`}"
How to enable only PerlSetVar/PerlAddVar directives in .htaccess files?
--
Kari Nurmela,
[EMAIL PROTECTED], (02) 333 8847 / (0400) 786 547
