httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41760] - .htaccess file ignored if AllowOverride None is used
Date Mon, 05 Mar 2007 20:53:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41760>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41760


unruh@physics.ubc.ca changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From unruh@physics.ubc.ca  2007-03-05 12:53 -------
If you say so. In that case it must be true that AllowOverride default has
changed. However, in my case a .htaccess file exists in the directory, but
AllowOverride was none, and all of the files in that directory were accessible
by everyone. That is simply wrong behaviour. It should work the same as if the
.htaccess file is unreadable but there-- ie permission denied, not allowed. 

I do not have my old httpd.conf files so do not know if the default has changed,
but it certainly used to be the case that the .htaccess files controlled the
access to teh directory, and I certainly never recall altering the AllowOverride
parameter. But the way it works now is just wrong. The default should not be
universal access even in the presence of an .htaccess file. 
Security should be conservative, not liberal.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message