httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44173] New: - Deny access to backup ~ files by default
Date Sun, 06 Jan 2008 01:18:36 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44173>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44173

           Summary: Deny access to backup ~ files by default
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Runtime Config
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: samuel@slbdata.se


Many text editors (gedit, emacs) create backup files by default (like
"hello.shtml~"). Such files are probably not intended to be served, and serving
them can create various problems:

Because Apache might have been set up to detect MIME types and handlers based on
the file extension (which ends in ~ for backup files), it could make incorrect
decisions when such backup files are to be served. This can potentially be a
security issue, if a the file is a script that contains sensitive information
(like database passwords) in its source code.

Unless there is a good reason for serving backup~ files, I think the default
configuration should be changed to deny access them.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message