httpd-dev mailing list archives

From d...@ast.cam.ac.uk (David Robinson)
Subject Re: vote status
Date Thu, 15 Feb 1996 17:51:00 GMT
Here are the rest of my votes:
23b.mmap               1
56.alias_userdir      -1

  Two reasons:
  1: There appears to be a security hole:
       char redirect[256];
       sprintf(redirect, "%s%s%s%s", x, w, userdir, dname);
  where dname is the rest of the URL after the ~user bit
  
  2: I think the syntax is overly cumbersome:
  URL: http://myserver/~bar/one/two.html
  a. UserDir public_html      -> ~bar/public_html/one/two.html
  b. UserDir /usr/web         -> /usr/web/bar/one/two.html     
  c. UserDir /home/*/www     -> /home/bar/www/one/two.html
  
  These are ok, but
  
  d. UserDir http://x/users   -> (302) http://x/users/bar/one/two.html
  e. UserDir http://x/*/y     -> (302) http://x/bar/y/one/two.html
  
  these are too confusing. This should be provided by updating the
  Redirect syntax, to something like
  Redirect /~* http://other.com/users/
  
  Not only is it simpler, but it is also much closer to the syntax that
  NCSA die-hards are used to.

61a.preserve_redirect  1
62a.escape_html        1
66.htaccess-cache      1
68b.strftime           1
73a.mod_actions        1

  [Should this be compiled in by default, or should it be commented out of
   Configuration?]

74.icons               1
75.icons               1
77.user_name           1
78.preserve_redirect  -1

I think this breaks custom error responses for POST queries.

85.lost_conn           1
86a.scoreboard_into_l  1
90g.keepalive          0 [but I'd like to give -1]
Problems: it doesn't free memory between requests because it preserves
data from earlier requests; this is wrong as HTTP is meant to be stateless
(currently). I'm also concerned as to how it would cope with NPH scripts
and also if an error occurs for a POST request, resulting in the supplied
data not being read.

91.config_dns          1
92.alias_htaccess      1
94a.httpd_monitor      (not tested)
97.proxy-03            1
98.errorlog            1
99b.bind               1
100d.os2_port          0
101.add_strerror_to    1
apache-msql-demo       not tested
logresolve.c           1
mod_alias_map.c       -1 for src/, 0 for contrib/ I couldn't understand what
                         it does!
mod_auth_anon.c       -1

This simply does not work for; the module always seems to decline access

mod_auth_db.c          not tested
mod_auth_msql.c        not tested, shouldn't this be in contrib/ ?
mod_cern_meta.c        0, but +1 if the compilation warning is fixed by
                       using strrchr() instead of rindex()


 David.
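
The `sprintf` into `char redirect[256]` quoted in the message above overflows once the four pieces together reach 256 bytes, and `dname` comes straight from the request URL. The following is an added example, not part of the original message and not code from the Apache patch under vote: a bounded version that fails closed on truncation. The helper names `build_redirect` and `try_dname_len` and the placeholder values passed for `x`, `w` and `userdir` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REDIRECT_MAX 256  /* size of the buffer quoted in the message */

/* Hypothetical helper: joins the four pieces into out[outlen].
 * Returns 0 on success, -1 if the result would not fit, so the caller
 * can answer with an error instead of using a truncated URL. */
static int build_redirect(char *out, size_t outlen, const char *x,
                          const char *w, const char *userdir,
                          const char *dname)
{
    /* snprintf never writes past outlen and reports the full length needed */
    int n = snprintf(out, outlen, "%s%s%s%s", x, w, userdir, dname);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';   /* never hand back a partial URL */
        return -1;
    }
    return 0;
}

/* Constructed input: a dname of 'len' bytes behind placeholder prefix
 * pieces (14 bytes in total), formatted into a 256-byte buffer. */
static int try_dname_len(size_t len)
{
    char redirect[REDIRECT_MAX];
    char dname[1024];
    if (len >= sizeof dname)
        return -1;
    memset(dname, 'A', len);
    dname[len] = '\0';
    return build_redirect(redirect, sizeof redirect,
                          "http://x", "/", "users", dname);
}

int main(void)
{
    printf("dname of 20 bytes:  %d\n", try_dname_len(20));
    printf("dname of 600 bytes: %d\n", try_dname_len(600));
    return 0;
}
```

Rejecting the request on truncation, rather than redirecting to a shortened URL, keeps the client from being sent somewhere the configuration never named.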
