On Sat, 2011-11-19 at 01:46 +0200, Graham Leggett wrote:

> On 19 Nov 2011, at 12:38 AM, William A. Rowe Jr. wrote:
>
> > After several prods, it seems the security@ and hackathon participants
> > can't be drawn out of their shells on to dev@. So I'll simply call for
> > a majority vote on the following statement...
> >
> > Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;
> >
> > [X] Represents a security defect
> > [ ] Is not a security defect
>
> The config is clearly demarcated into two types, a "trusted" config
> loaded at startup time rooted at /etc/httpd (or wherever), and a
> limited "untrusted" config placed into .htaccess files within the
> content and loaded at runtime. If we were to declare .htaccess as
> containing "trusted" content only, most of the point behind .htaccess
> is lost. The trusted admin simply needs to merge .htaccess into the
> main config, and he gains load-on-startup and copy-on-write; there is
> little point in one common administrator scattering their config in
> two separate places or mechanisms.
>
> The people given the power to change both .htaccess and content are
> typically customers of a hosting company, or employees at a corporate,
> and admins are generally not comfortable exposing themselves to
> avoidable risk from either group. That said, I do concede that these
> two groups are more trusted than the typical end user who might access
> a site, but I still believe we should fix .htaccess problems as
> reported where it is practical to do so to bring the risk as low as is
> practical.
Agree completely with Graham
