Allowing access to .htaccess
Posted: Sat Apr 30, 2005 12:57 pm
Hello, I have a question about the possible security problems related to allowing a user access to their Access File, otherwise known as an .htaccess file.
The php script in question would only be allowed to write directives about the location of files/resources (marking pages gone, or available under a different url, etc), as well as only allowing internal redirects. The script wouldn't be allowed to write anywhere but within a specific section, between two specific hash-comments.
Obviously it would be password protected.
Is there any security difference between handling password protection between apache (using a passwd file) and using strictly php; either a database or a flat-file?
What should I look out for?
Is this just an overall bad idea?
Any other suggestions?
The php script in question would only be allowed to write directives about the location of files/resources (marking pages gone, or available under a different url, etc), as well as only allowing internal redirects. The script wouldn't be allowed to write anywhere but within a specific section, between two specific hash-comments.
Obviously it would be password protected.
Is there any security difference between handling password protection between apache (using a passwd file) and using strictly php; either a database or a flat-file?
What should I look out for?
Is this just an overall bad idea?
Any other suggestions?