[Pmwiki-users] more thoughts on .htaccess
Neil Herber
nospam
Tue Dec 7 09:26:44 CST 2004
At 2004-12-07 09:03 AM -0700, Patrick R. Michaud is rumored to have said:
>And any risk from the configuration files that might exist can be
>virtually eliminated by making sure the beginning of the file reads...
>
> <?php if (!defined('PmWiki')) exit();
>
>All PmWiki scripts have this, as well as any cookbook scripts that I
>write/publish. But even without these lines, the risk is quite small
>for normal installations (with or without the .htaccess).
Given that:
* the risk is relatively small
* not all servers support .htaccess
* Apache 2 by default disables .htaccess
* we want PmWiki to be easy to install
* making .htaccess in "local/" part of the default PmWiki install requires a
note to make sure that future upgrades don't clobber it
I suggest that .htaccess be removed from the default install and that the
page PmWiki/Security have an entry added that describes how to install and
activate it on Apache or other servers that use .htaccess. (I think both
Sambar and Xitami use .htaccess). I am more than willing to contribute such
a page, but I would want someone like Jo Durchholz to check the Apache
descriptions.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list