httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: Vote summary for 0.8.15
Date Fri, 03 Nov 1995 11:55:00 GMT
>FYI, I have a tentative build of 0.8.16, built according to these votes
>(barring *further* last-minute changes), in
>ftp://ftp.ai.mit.edu/pub/users/rst.

Sigh; we seem to have stalled again. Can you upload that as 0.8.16?
(At least that would make some progress.)

Outstanding problems:
1. // in paths
2. The #include file=xxx problem. Randy seems to have disappeared from this
   list. If this problem is not fixed, then the compatibility notes will
   need a big notice stating:

   SECURITY Feature: Unlike NCSA httpd or Apache 0.6.5, Web admins concerned
   about security (who would not set the FollowSymLinks option for example)
   should be concerned about allowing server-side includes in any form. With
   Apache 0.8, Options IncludesNOEXEC (and Options Includes) will allow users
   to link in any file on the machine into their documents. NCSA httpd
   (and Apache 0.6 and earlier) only allow the inclusion of files that
   the client could access anyway.


 David.

Mime
View raw message