does mod_rewrite creates security problems?

[corbeeresearch]

If you enable mod_rewrite, does it creates insecurity problems?

 

My friend says on a VPS, when you enable mod_rewrite, the whole htdocs will become writable.

 

Is this true?

 

And if it is, how do you fix it?

 

Thanks

[trq]

My friend says on a VPS, when you enable mod_rewrite, the whole htdocs will become writable.

 

Is this true?

 

Your friend doesn't know what they are talking about.

[corbeeresearch]

So there are no cases of insecurites if mod_rewrite is enabled? The server uses Apache 2.2

[trq]

There is nothing inherently insecure about having mod_rewrite enabled, that's not to say it is secure either. Like most things to relating to servers, care must be taken to configure it properly.

[corbeeresearch]

Thanks! I got clarified a lot after reading your post

[PFMaBiSmAd]

There are not very many ways that you can write to a server's disk without some kind of authorization or a helper service/application/script present on the server to perform the action.

 

I would recommend that you ask your friend for a verifiable example or a working demonstration of how he believes this can be accomplished. Just a general unsubstantiated statement that enabling mod_rewrite allows writing somewhere on a server's disk is, well, unsubstantiated.