httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: double slashes (was Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux)
Date Sun, 05 Nov 1995 15:57:00 GMT
>Unfotunately, David's patch *does* break something, to wit, the
>following entry from my access restrictions:
>
>  <Directory /com/web/docs/xperimental/info-gateway/abs>
>  <Limit GET>
>  order deny,allow
>  deny from all
>  allow from 128.52
>  </Limit>
>  </Directory>

I never imagined anyone doing that! However, I suppose it might be useful,
so I prefer your latest patch.

>However, I am increasingly convinced that this simply isn't worth "fixing"
>--- the problem only arises with certain oddball configurations which 
>people can simply be told to avoid, and *any* attempt to fix it seems to
>cause problems at least as severe.

This _is_ a bug, and should be fixed. I might not consider it a 'showstopper',
but I think it would be peverse not to fix it in 0.8.17, (or, for that matter,
any other bugs for which we have patches.)

 David.


Mime
View raw message