Mailing List Archive

htaccess files should not be used for security restrictions
Hi guys,

I wrote a blog post about security issues related with htaccess files.
http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/

--
Bogdan Calin - bogdan [at] acunetix.com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog
Follow us on Twitter - http://www.twitter.com/acunetix

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: htaccess files should not be used for security restrictions [ In reply to ]
Thank you for the article.

All-in-all I find it to be more centric to the design of the software or
beit in this case PHP apps and not as the subject suggests ".htaccess"
files.

There are way too many "get-ritch-quick" upcoming PHP scripters out
there that are not aware or even nearly knowledgeable about the
configuration of one webserver more or less the multiple main stream
systems that are out there. Not to mention the drop-in web services that
require nearly no knowledge of what your doing that are unmanaged.

But all that set aside, and no matter what the deployed application is,
it is worthwhile to make an attempt to educate them on the possible
drawbacks of not performing certain tasks after installation.

Too bad there is no "Sensitive Information Section" in readme files and
other documentation that lists files a user/admin needs to make a
judgement on.


Anyway... informative article and thank you again.


On Wed, Aug 08, 2012 at 04:59:56PM +0300, Bogdan Calin wrote:
> Hi guys,
>
> I wrote a blog post about security issues related with htaccess files.
> http://www.acunetix.com/blog/web-security-zone/articles/htaccess-security/
>
> --
> Bogdan Calin - bogdan [at] acunetix.com
> CTO
> Acunetix Ltd. - http://www.acunetix.com
> Acunetix Web Security Blog - http://www.acunetix.com/blog
> Follow us on Twitter - http://www.twitter.com/acunetix
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--

- (2^(N-1)) JJH48-ARIN

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/