i m using .htaccess file for that i have to change AllowoverRide from none to all...!!
i just want to know does it can effect security of appache server..??

7 Years
Discussion Span
Last Post by Atli

Of course.
If you leave it at none, nobody can alter any .htaccess settings, which is always more secure than allowing anybody to alter any of them.

But in general the .htaccess files are fairly secure, even when the AllowOverride is set to all. You just need to make sure nobody is able to alter them via a broken file-upload script (or other such holes), or an insecure file permission setting.

The most secure thing, really, would be to create a secure user, apart from the FTP or Apache users or groups, have that user create the .htaccess file and deny anybody except that user write permission on it. You would of course have to give everybody read access on it, but that is hardly a security threat, unless you use it to store something that needs to stay hidden. (Note, Apache excludes .htaccess files from being visible to web-requests, so nobody without access to the server through other means would be able to read it.)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.