I've got a Joomla site www.siteA.com and the other Joomla site www.siteA.com/siteB.

I've got a .htaccess -file at siteA, although not at siteB.

Could it be a burglar risk not have b .htaccess -file at siteB?

.htaccess files are utilized to override configurations otherwise occur the apache configuration. For those who have nothing you need to change, then you do not need (and should not have) an .htaccess file.

The .htaccess file written for Joomla! is principally for mod_rewrite reasons to get the SEF Web addresses without /index.php/ stuck in the centre. You will find some additional rules inside to thwart off attacks that occur with either misconfigured servers or poorly coded third party extensions. There is no need to make use of this file to safeguard the core Joomla! system. Here's your last type of defense instead of the first.

Do you can get the primary server configuration files? If that's the case, you should not be utilising .htaccess files whatsoever. It is a security risk not have your server set up correctly, but everything configuration ought to be completed in the primary configuration file (like /etc/apache2/httpd.conf for instance).

Without having accessibility primary server configuration files, it's most likely not really a security risk not to possess a .htaccess file. Typically whomever authored the primary server configuration file did not leave any major security holes (well, a minimum of hopefully so). However it is dependent around the more knowledge about your site. For example, the primary server might be set up to permit directory entries when there is no index file inside a directory. That may be a security risk for those who have files you don't want anybody to locate accidentally, but otherwise there is no harm inside it.

.htaccess files are configuration files accustomed to set choices on a per directory level. The options (and much more) might be set in the primary apache configuration (frequently in /usr/local/etc/apache*). Should you own your server and also have setup your Apache configuration correctly it might really be considered a gain to disable .htaccess for performance reasons.

Not correctly setting up permissions is generally a security risk. The way you set them can be you. Many people prefer getting .htaccess enabled so that they can keep application specific configurations together.

To reply to your particular question about Joomla: the .htaccess file provided automatically (last I checked) only does URL spinning. This gives near-zero security benefit so not getting b .htaccess file should not be any problem.

Lastly it is dependent on which you mean by secure (along with just about any question relevant to security).

Could it be a burglar risk to USE an htaccess file? I submitted an htaccess file to some public web folder at the office to limit a webpage to staff only, but was told which i should not be utilising htaccess files or programming or I'll stuff in the whole website and risk security. I made use of the conventional htaccess file I have used before at the office in the areas without any problems. What did the website owner mean once they stated 'using htaccess is really a security risk'?