On Sep 30, 2011 11:43 AM, "John R Pierce" pierce@hogranch.com wrote:
On 09/30/11 9:26 AM, Trey Dockendorf wrote:
However, they also want to have the CMS write to the .htaccess files to dynamically control which users can access the downloads portion of the sites. That I'm strongly against.
CMS systems almost always use their own authentication and downloading mechanisms; they don't rely on .htaccess for anything other than possibly configuring whatever specific Apache settings they need (cgi-bin, etc.).
-- john r pierce N 37, W 122 santa cruz ca mid-left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I agree; unfortunately, my role is the sysadmin for this project, not the developer. I'm running dozens of instances using Drupal, WordPress and MediaWiki, all very successfully and securely, without ever having to think about these types of security measures. Once I get through the red tape of being allowed to pen test my own servers, then I'll have a better idea how well I've done.
- Trey