I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.
I can imagine how this could lead to a security risk:
eg:
- Is my assumption correct? -- Is it nothing more than: "its just bad practice, because it leaves you open to make such above ^ mistakes"? Or is it more technically complicated and truly a direct security threat?
- Are all symbolic links bad news inside of Apache served spaces? Eg. what about symbolic links linking to another directory within the web root?
- I like symbolic links -- this would be a pain to have to avoid!
Thanks for the help!