You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by ka...@suvi.kas.utu.fi on 2002/04/08 07:48:57 UTC
Disabling Perl*Handlers in .htaccess?
Hello!
How to enable only PerlSetVar/PerlAddVar directives in .htaccess files?
More specific:
We are building an multiuser environment with mod_perl to our
campus. Mod_perl handlers contain especially PerlHandlers configured in
httpd.conf. The .htaccess files are used for authorization (require
user/group) and some tailoring (PerlSetVar/PerlAddVar) allowed for all
users at their home directories.
However, the security risks are quite obvious when .htaccess contains
directives like PerlHandler:
PerlHandler "sub {`touch /tmp/xxx`}"
How to enable only PerlSetVar/PerlAddVar directives in .htaccess files?
--
Kari Nurmela,
kari.nurmela@utu.fi, (02) 333 8847 / (0400) 786 547