[Leaplist] Security Audit Advice
Randall Perry
randallp at hcrn.info
Sat Dec 15 04:46:09 GMT 2007
On 12/14/07, Aaron Morrison <ae4ko at amsat.org> wrote:
>
> Good stuff. I've already thought about 95% of what you've posted (I've
> intentionally left the question open to stimulate discussion and to
> make sure I haven't left anything out).
>
> Thanks Randall.
>
Sure thing.
Also be sure to keep in mind that if Apache is configured to allow for
.htacess files in the virtual hosts directories, then they write their
own rules. They can do destructive things (like php globals on) or
useful things (like authentication for folder access).
--
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
Randall Perry
Hope Crisis Response Network
www.hcrn.info
More information about the Leaplist
mailing list