On Thu, 3 Aug 2000, Rob Giseburt wrote:
> Are .htaccess files secure? I don't want users to be able to use
> <perl>...</perl> sections or any other mod_perl constructs (setting scripts
> to run via the Registry, for example) in .htaccess files. However, I need
> .htaccess files turned on so users can password protect directories
> site-wide (so I can't shut .htaccess files off completely.)
you can disable <Perl> by choosing explict options for Makefile.PL (rather
than EVERYTHING=1)
or change this line in mod_perl.h:
#define SECTION_ALLOWED OR_ALL
to:
#define SECTION_ALLOWED RSRC_CONF
p.s.
mod_perl-2.0 will let you disable things like so:
<Files ~ "^\.htaccess$">
PerlOptions -PerlSections
</Files>
