Received: by taz.hyperreal.com (8.6.12/8.6.5) id FAA18744;
 Mon, 6 Nov 1995 05:40:27 -0800
Received: from gw.steam.com by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP id
 FAA18738; Mon, 6 Nov 1995 05:40:25 -0800
Received: from cass41 (cass41.ast.cam.ac.uk [131.111.69.186]) by gw.steam.com
 (8.6.10/8.6.9) with SMTP id FAA00458 for <new-httpd@hyperreal.com>;
 Mon, 6 Nov 1995 05:20:32 -0800
Received: from mamba.ast.cam.ac.uk by cass41 with smtp
	(Smail3.1.29.1 #9) id m0tCP96-000CM1C; Mon, 6 Nov 95 10:51 GMT
Received: by mamba.ast.cam.ac.uk (Smail3.1.29.1 #9)
	id m0tCP95-0000miC; Mon, 6 Nov 95 10:51 GMT
Message-Id: <m0tCP95-0000miC@mamba.ast.cam.ac.uk>
Date: Mon, 6 Nov 95 10:51 GMT
From: drtr@ast.cam.ac.uk (David Robinson)
To: new-httpd@hyperreal.com
Subject: Re: double slashes (was Re:  WWW Form Bug Report: "Security bug
 involving ScriptAliased directories" on Linux)
Content-Length: 806
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

>Aram --- THERE IS NO BUG.  As to the problems introduced by David's "fix",
>they are caused not by pages on my site, but rather to pointers to them
>elsewhere over which I have no control.
>
>If there were a genuine bug, as in *misbehavior*, then I would be willing
>to contemplate breaking those pointers to fix it.  There is not.  No bug,
>no fix.  -1.

RST: THERE IS A BUG. Apache is NOT compatible with NCSA httpd in this
respect. This has already caused one site to suffer consequences of
a security hole.

Users are coming to your site using 'wrong' pointers. If you have relative
links in your pages, then they are likely to getting be poor service from your
site. Is this what you want? Not that I'm suggesting that my fix would help
these people, but there IS a (separate) problem here.

 David.