[thelist] Mod_rewrit and classic sysadmin response

David Kaufman david at gigawatt.com
Wed Dec 10 08:08:46 CST 2003


Tony Page <evolt at zamba.com> wrote:
> I need to use mod_rewrite with my Gallery software but [...]
> "We use mod_rewrit for security purposes and can not (sic) tell anyone
> how it works."
> 
> Anyone got any info on mod_rewrit [...]?

all the info you need about mod_rewrit is right there in that statement: it uses the worst form of security: obscurity.  "we can't tell you anything about it" translates to: it's only "secure" because so few people have a) of it (yet), b) seen the source code (if anyone, yet), widely tested it (yet) and/or found any bugs or security holes in it ... yet.

> [...] or ideas about workarounds?

work around #1: find a better web hosting provider: (see www.pair.com)

-dave




More information about the thelist mailing list