Brett Wright wrote: > Thats quite a nice way of doing it, but that still doesnt stop users from > uploading htaccess.txt and then renaming it on the server using there FTP > client. > > It looks almost impossible to stop users doing this, basically it gives > them the same access as what shell would.
Easy way, as I mentioned in an earlier reply, install a root-owned .htaccess file in the /web folder. Then your site-admin won't be able to upload one. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
