Posted by Schraalhans Keukenmeester on 06/08/07 17:23

At Fri, 08 Jun 2007 12:27:01 +0000, runderwo@mail.win.org let h(is|er)
monkeys type:

> On Jun 8, 1:27 am, Schraalhans Keukenmeester
> <Schraalh...@the.spamtrapexample.nl> wrote:
>> At Wed, 06 Jun 2007 22:18:39 +0000, runde...@mail.win.org let h(is|er)
>> monkeys type:
>>
>> > Okay, AllowOverrides Options will also do the trick, but that also
>> > lets the user enable ExecCGI and Includes
>>
>> Not necessarily.http://httpd.apache.org/docs/2.0/mod/core.html#options
>
> I guess I don't see how the link contradicts my statement. If
> AllowOverrides Options is in effect, the user can stick Options
> +ExecCGI +Includes in his .htaccess, which I don't want, because those
> would allow him to execute code with web server's privilege -- no help
> from suexec there.

You're right, my bad, for a moment I thought the (dis-)allowed sub-options
could be specified in the AllowOverride clause. Which isn't the case, of
course. My bad.

Sh.

--
Schraalhans Keukenmeester - schraalhans@the.Spamtrapexample.nl
[Remove the lowercase part of Spamtrap to send me a message]

"strcmp('apples','oranges') < 0"

[Back to original message]