i m using .htaccess file for that i have to change AllowoverRide from none to all...!!
i just want to know does it can effect security of appache server..??
sam023
0
Junior Poster
Atli
182
Posting Pro
Of course.
If you leave it at none, nobody can alter any .htaccess settings, which is always more secure than allowing anybody to alter any of them.
But in general the .htaccess files are fairly secure, even when the AllowOverride is set to all. You just need to make sure nobody is able to alter them via a broken file-upload script (or other such holes), or an insecure file permission setting.
The most secure thing, really, would be to create a secure user, apart from the FTP or Apache users or groups, have that user create the .htaccess file and deny anybody except that user write permission on it. You would of course have to give everybody read access on it, but that is hardly a security threat, unless you use it to store something that needs to stay hidden. (Note, Apache excludes .htaccess files from being visible to web-requests, so nobody without access to the server through other means would be able to read it.)
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.