httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: double slashes (was Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux)
Date Mon, 06 Nov 1995 10:51:00 GMT
>Aram --- THERE IS NO BUG.  As to the problems introduced by David's "fix",
>they are caused not by pages on my site, but rather to pointers to them
>elsewhere over which I have no control.
>
>If there were a genuine bug, as in *misbehavior*, then I would be willing
>to contemplate breaking those pointers to fix it.  There is not.  No bug,
>no fix.  -1.

RST: THERE IS A BUG. Apache is NOT compatible with NCSA httpd in this
respect. This has already caused one site to suffer consequences of
a security hole.

Users are coming to your site using 'wrong' pointers. If you have relative
links in your pages, then they are likely to getting be poor service from your
site. Is this what you want? Not that I'm suggesting that my fix would help
these people, but there IS a (separate) problem here.

 David.

Mime
View raw message