On Sep 30, 2011 11:43 AM, "John R Pierce" <pierce at hogranch.com> wrote: > > On 09/30/11 9:26 AM, Trey Dockendorf wrote: > > However they also > > want to have the CMS write to the .htaccess files to dynamically control > > which users can access the dowloads portion of the sites. That Im strongly > > against. > > CMS systems almost always use their own authentication and downloading > mechanisms, they don't rely on .htaccess for anything other than > possibily configuring whatever specific apache settings they need > (cgi-bin, etc) > > -- > john r pierce N 37, W 122 > santa cruz ca mid-left coast > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos I agree, unfortunately my role is the sysadmin for this project, not the developer. Im running dozens of instances using Drupal, Wordpress and Mediawiki all very successfully and securely without ever having to think about these types of security measures. Once I get through the red tape of being allowed to pen test my own servers, then I'll have a better idea how well I've done. - Trey