Auteur Sujet: Article Sur La Sécurité : Htaccess  (Lu 764 fois)

0 Membres et 1 Invité sur ce sujet

Hors ligne CrazyTeacher

  • Connaisseur
  • ***
  • Messages: 331
    • http://www.koi29.info
Article Sur La Sécurité : Htaccess
« le: 25 novembre 2003 à 18:06:18 »
Voici une copie d'un article sur la sécurité ; je vous le livre tel quel.
( Mon commentaire : rien de neuf sous le soleil  :o   )

Citer
Banish .htaccess from your Apache server
Mike Chapple
25 Nov 2003
This access control system uses files known as .htaccess files stored in each directory of the Web server. These files contain explicit access control entries that either grant or deny access to users or groups of users based upon their IP address, authentication status or other criteria.
While it's true that .htaccess files provide a powerful option for the delegation of security control, it's essential that administrators who don't require that level of delegation disable this functionality. Putting security control of various directories in the hands of numerous people (particularly those unskilled in the art of information security!) represents a tremendous risk to the entire system.Fortunately, disabling .htaccess files on a global basis is extremely easy. Just use the following statement in your Apache server configuration file:

<Directory />
AllowOverride None
</Directory>

It's important to ensure that your server is configured properly and that this is the only AllowOverride statement. It is permissible to override this general directive and enable .htaccess files for particular directories that require their use. In fact, this is the preferred method of enabling .htaccess when circumstances warrant. Simply set the global AllowOverride setting to None, and then provide a list of exceptions to the general rule.

Think carefully before allowing users to implement .htaccess files on your server. Is it really necessary? Unless each user requesting such access can provide a specific justification, it's safe to err on the side of denying such requests.


 
Une chose qui convainc n'est pas vraie pour autant. Elle est seulement convaincante. Remarque destinée aux ânes.  /*La Volonté de Puissance*/ Nietzsche

"Parler pour ne rien dire et ne rien dire en parlant est le principe de ceux qui feraient mieux de la fermer avant de l'ouvrir ! "     Pierre Dac

koi29.info