[Pmwiki-users] more thoughts on .htaccess

Neil Herber nospam
Tue Dec 7 09:26:44 CST 2004


At 2004-12-07  09:03 AM -0700, Patrick R. Michaud is rumored to have said:
>And any risk from the configuration files that might exist can be
>virtually eliminated by making sure the beginning of the file reads...
>
>    <?php if (!defined('PmWiki')) exit();
>
>All PmWiki scripts have this, as well as any cookbook scripts that I
>write/publish.  But even without these lines, the risk is quite small
>for normal installations (with or without the .htaccess).

Given that:
* the risk is relatively small
* not all servers support .htaccess
* Apache 2 by default disables .htaccess
* we want PmWiki to be easy to install
* making .htaccess in "local/" part of the default PmWiki install requires a
         note to make sure that future upgrades don't clobber it

I suggest that .htaccess be removed from the default install and that the 
page PmWiki/Security have an entry added that describes how to install and 
activate it on Apache or other servers that use .htaccess. (I think both 
Sambar and Xitami use .htaccess). I am more than willing to contribute such 
a page, but I would want someone like Jo Durchholz to check the Apache 
descriptions.


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 




More information about the pmwiki-users mailing list