On Thu, Jul 8, 2010 at 2:28 AM, James Corteciano <ja...@linux-source.org>wrote: [ ... ]
> I am just concern about security matters that will produce if I will give > the user full access on .htaccess (AllowOverride All) on their webroot? > AllowOverride All effectively allows a user who can create a .htaccess file to access any file the Web server can read, and execute any code they would like to as the Web server user. From a security perspective it's equivalent to giving the user a shell as the Web server user. That may or may not be consistent with your security objectives. Hope this helps! -----Scott.
