NYCPHP Meetup

[nycphp-talk] Htaccess and php user account

Michele Waldman mmwaldman at nyc.rr.com
Mon Dec 1 23:38:12 EST 2008


Thanks to your soft, delicate input, I've been doing a little more research.

I was ps -ef on the linux server.  Php appears to be configured into the
server and the process goes down due to misconfiguration, is it not the same
process handling the htaccess?  Does that mean basically all web services
have stopped on the server and not even htaccess would protect it, leaving
the entire server vulnerable?  Or will htaccess still be working?

So, if this is a misconfiguration issue, that means if you don't have a sys
admin, that the programmer needs to learn the configuration and ensure it's
correct on the server?

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Chris Shiflett
Sent: Monday, December 01, 2008 11:29 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Htaccess and php user account

On Dec 1, 2008, at 22:30, Hans Zaunere wrote:

>> If what you experienced is a common occurrence with mod_php, I hope
>> others on this list will chime in. If it is I'm going to cease using
>> apache and mod_php in production environments.
>
> This has nothing to do with mod_php/Apache that I've ever seen.   
> It's a
> configuration issue.

Which reminds me, Brian Shire has a patch specifically to protect  
against this:

http://tekrat.com/apache/ap_source_defense/

--
Chris Shiflett
http://shiflett.org/




_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php




More information about the talk mailing list