Hi Scott, That helps. Thanks.
James On Thu, Jul 8, 2010 at 2:40 PM, Scott Gifford <sgiff...@suspectclass.com>wrote: > On Thu, Jul 8, 2010 at 2:28 AM, James Corteciano > <ja...@linux-source.org>wrote: > [ ... ] > >> I am just concern about security matters that will produce if I will give >> the user full access on .htaccess (AllowOverride All) on their webroot? >> > > AllowOverride All effectively allows a user who can create a .htaccess file > to access any file the Web server can read, and execute any code they would > like to as the Web server user. From a security perspective it's equivalent > to giving the user a shell as the Web server user. That may or may not be > consistent with your security objectives. > > Hope this helps! > > -----Scott. > >