[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Re: SSI Vuln on cobalt

Subject: Re: [cobalt-security] Re: SSI Vuln on cobalt
From: Brett Wright <brett@xxxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 13:51:27 +1200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

At 03:33 22/04/02 +0200, you wrote:

Hi Chris,

> And, as I've pointed out before, all of those cute little checkboxes are
> useless.  If I want to use SSI, all I have to do is put:
>
> AddType text/html .shtml
> AddHandler server-parsed .shtml
>
> in an .htaccess file.

IF your Apache access.conf has ...

<Directory /home/sites/>
AllowOverride All
Options All
</Directory>

... set, then who do you blame? :o) Set it to "AllowOverride None" and all
these fancy .htaccess files in /home/sites/wherever will no longer work.

--


Thanks Gerald/Chris/Michael

I realize i can set AllowOverride None but we do have a lot of frontpageusers that use the extensions, wont this affect them (there .htaccess)??


*shug* i maybe totally wrong.

References:
- [cobalt-security] Re: SSI Vuln on cobalt
  - From: Chris Adams
- [cobalt-security] SSI Vuln on cobalt
  - From: Brett Wright
- Re: [cobalt-security] SSI Vuln on cobalt
  - From: Gerald Waugh
- Re: [cobalt-security] Re: SSI Vuln on cobalt
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] Re: SSI Vuln on cobalt
Next by Date: Re: [cobalt-security] Re: SSI Vuln on cobalt
Previous by thread: Re: [cobalt-security] Re: SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] Re: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index