security risks in using dynamic .htaccess ?


    Below is an example of how to change your Status Code 404 page to 3 different random pages:
    something-else1.php, something-else2.php, something-else3.php

    PHP Code:
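    <?php
    // Overwrite .htaccess so the 404 handler points at one of the three pages.
    $fh = fopen('.htaccess', 'w') or die('cant open file');
    // rand() needs both bounds; 1..3 matches something-else1.php to something-else3.php.
    fwrite($fh, 'ErrorDocument 404 /something-else' . rand(1, 3) . '.php');
    fclose($fh);
    ?>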
    I was wanting to use it with modrewrite to make a dynamic set of rules which will be written to .htaccess for different users of the site, but is it too much of a security risk?
    And also, will this lag the server?
    Last edited by something else; 15.07.11, 03:28.

    #2
    What if one user is opening some page on the server while another user's action has initiated a .htaccess file write? Would .htaccess be available from the server during that transition period? What would happen? :p

    Added after 2 minutes:

    Also, instead of going all the way to editing .htaccess, why not make a certain 404 page and use random values to show a dynamic random end result? Just my thought.
    Last edited by morse; 15.07.11, 08:15.


      #3
      Yeah, good point, 2 users could be using .htaccess at the same time so it could mess up... the 404 page was just a quick example to make sure it works...
      But you could use it for things like banning an IP range etc...

      The security flaw that I was most worried about is if someone manages to hack it and turn the .php extension off, making your script visible to everyone :/

      Normally I would be able to use modrewrite to make a set of rules, but the server that the script is on has very limited mod rewrite allowed and this is the only way I can think of to get around it.

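The two concerns raised in the replies above (a request arriving while .htaccess is being rewritten, and unwanted rules ending up in the file), handled in one sketch. This is an added example, not code from any poster in the thread; the function names are hypothetical and Apache 2.4 `Require` syntax is assumed.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper names, Apache 2.4 (mod_authz_core) assumed.
function build_rules(array $bannedIps): string
{
    $lines = ['# generated file, do not edit by hand', '<RequireAll>', 'Require all granted'];
    foreach ($bannedIps as $ip) {
        // Only literal IPv4/IPv6 addresses pass. A value carrying a newline and
        // a second directive fails validation, so request data adds no rules.
        if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
            throw new InvalidArgumentException('not an IP address: ' . json_encode($ip));
        }
        $lines[] = 'Require not ip ' . $ip;
    }
    $lines[] = '</RequireAll>';
    return implode("\n", $lines) . "\n";
}

function write_htaccess_atomically(string $dir, string $contents): void
{
    // Build the whole file under a temporary name in the same directory.
    $tmp = tempnam($dir, '.htaccess.tmp');
    // tempnam() may fall back to the system temp dir; refuse, since a
    // cross-filesystem rename is not atomic.
    if ($tmp === false || realpath(dirname($tmp)) !== realpath($dir)) {
        throw new RuntimeException('cannot create temp file in ' . $dir);
    }
    if (file_put_contents($tmp, $contents) !== strlen($contents) || !chmod($tmp, 0644)) {
        unlink($tmp);
        throw new RuntimeException('could not write temp file');
    }
    // rename() swaps the file in one step on POSIX filesystems: a request served
    // mid-update sees the old or the new rules. With two writers, the last wins.
    if (!rename($tmp, $dir . '/.htaccess')) {
        unlink($tmp);
        throw new RuntimeException('cannot replace .htaccess');
    }
}

// Constructed demo input; the second call shows an injection attempt refused.
$dir = sys_get_temp_dir() . '/htaccess-demo';
is_dir($dir) || mkdir($dir);
write_htaccess_atomically($dir, build_rules(['203.0.113.7', '2001:db8::1']));
echo file_get_contents($dir . '/.htaccess');
try {
    build_rules(["198.51.100.9\nSomeOtherDirective value"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Opening the live file with `fopen('.htaccess', 'w')` truncates it before the new content is written, which is the window the second post asks about; the temp-file-plus-rename pattern closes it.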