[ https://issues.apache.org/jira/browse/COUCHDB-867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12989024#comment-12989024 ] 

joel reed commented on COUCHDB-867:
-----------------------------------

I can't think of any security implications - you specify exactly the file to serve up and we serve up just that file.

> Add http handlers for root files with special meanings, such as crossdomain.xml.
> --------------------------------------------------------------------------------
>
>                 Key: COUCHDB-867
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-867
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: HTTP Interface
>    Affects Versions: 1.0.1
>            Reporter: Eric Desgranges
>         Attachments: handle_file_req.diff
>
>
> Some files at the root level of a website have a special meaning, such as favicon.ico storing the favorite icon, which is processed correctly in the [httpd_global_handlers] section of the ini file with this instruction:
> favicon.ico = {couch_httpd_misc_handlers, handle_favicon_req, "../share/couchdb/www"}
> But this is the only one handled while other files, which are critical when to accessing the CouchDB server from Flash, Flex, Silverlight..., are missing
> - crossdomain.xml (this one should be a top priority fix!)
> - clientaccesspolicy.xml -- See http://msdn.microsoft.com/en-us/library/cc838250%28v=VS.95%29.aspx#crossdomain_communication
> And there's also 'robots.txt' to prevent search engines from accessing some files / directories.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira