AllowOverride for users via .htaccess on vps

I'm trying to set Apache conf so that the default for new accounts has
AllowOveride features for .htaccess, users should only be able to do things
that are similar to that below in .htaccess

RewriteCond, RewriteRule, DirectoryIndex, ErrorDocument, AddType, AddHandler
php_flag session.use_trans_sid off, php_value "register_globals" "1"
AND common Options directives

What is best option for AllowOverride, and how should it be set?
(i.e. <virtualhost> in httpd.conf)
To be sure AllowOverride set to ALL would pose some sort of security risk??

I'm confused, is this set in <virtualhost> in main .conf or www.domain.conf?

CentOS 4
Apache 1.3.36, and 1.3.34 updated.

Thanks guys,
LinWeb
linwebAsked:
Who is Participating?
 
ahoffmannCommented:
> What is best option for AllowOverride, ..
NONE
'cause if you allow that to be done by users, then your server is open to countless threats configured by the user, and more worse: each user configuration compromises the whole server (in particular all other users).
Believe me, you won't do that.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.