Page 1 of 1

Allowing access to .htaccess

Posted: Sat Apr 30, 2005 12:57 pm
by ashley
Hello, I have a question about the possible security problems related to allowing a user access to their Access File, otherwise known as an .htaccess file.

The php script in question would only be allowed to write directives about the location of files/resources (marking pages gone, or available under a different url, etc), as well as only allowing internal redirects. The script wouldn't be allowed to write anywhere but within a specific section, between two specific hash-comments.

Obviously it would be password protected.

Is there any security difference between handling password protection between apache (using a passwd file) and using strictly php; either a database or a flat-file?

What should I look out for?

Is this just an overall bad idea?

Any other suggestions?