httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: beta news ?
Date Wed, 19 Apr 1995 18:18:00 GMT
>You've all gone quiet.

Well, I haven't received any mail for a day or so. I think some machine must
have eaten it whilst our network was broken.

Current bugs that I can think of (in no particular order):
* handling of bad URLs:
  does not fault requests like /../xxx
  does not fault requests for filenames (not paths) containing '/' or '\0'

* handling of 'different' URLs which break relative links:
  does not fault or redirect /file.html/
  does redirect a request for "" - should either fault or not redirect
  silently ignores null path segments; should fault or redirect; e.g.
  /dir//file.html

* server-side include bugs:
  security leak when a protected doc includes another protected doc in a
  different realm
  sets (and logs?) the REMOTE_USER when including or execing a non-protected
  doc from a protected one.

* miscellaneous
  strange error messages; 'no multi in directory' instead of 'file not found'?

These are mostly minor. I'm sure there are plenty of others.

 David.

Mime
View raw message