
Mailing List Archive: Full Disclosure: Full-Disclosure

htaccess files should not be used for security restrictions

 

 



bogdan at acunetix

Aug 8, 2012, 6:59 AM

htaccess files should not be used for security restrictions

Hi guys,

I wrote a blog post about security issues related to htaccess files.
http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/

--
Bogdan Calin - bogdan [at] acunetix.com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog
Follow us on Twitter - http://www.twitter.com/acunetix

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


jhellenthal at dataix

Aug 8, 2012, 10:28 AM

Re: htaccess files should not be used for security restrictions

Thank you for the article.

All in all, I find it to be more centric to the design of the software, or
be it in this case PHP apps, and not, as the subject suggests, ".htaccess"
files.

There are way too many "get-rich-quick" upcoming PHP scripters out
there that are not aware or even nearly knowledgeable about the
configuration of one webserver more or less the multiple mainstream
systems that are out there. Not to mention the drop-in web services that
require nearly no knowledge of what you're doing that are unmanaged.

But all that set aside, and no matter what the deployed application is,
it is worthwhile to make an attempt to educate them on the possible
drawbacks of not performing certain tasks after installation.

Too bad there is no "Sensitive Information Section" in readme files and
other documentation that lists files a user/admin needs to make a
judgement on.


Anyway... informative article and thank you again.


On Wed, Aug 08, 2012 at 04:59:56PM +0300, Bogdan Calin wrote:
> Hi guys,
>
> I wrote a blog post about security issues related to htaccess files.
> http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/
>
> --
> Bogdan Calin - bogdan [at] acunetix.com
> CTO
> Acunetix Ltd. - http://www.acunetix.com
> Acunetix Web Security Blog - http://www.acunetix.com/blog
> Follow us on Twitter - http://www.twitter.com/acunetix

--

- (2^(N-1)) JJH48-ARIN

