httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Re: BIG: WWW Form Bug Report: "Security vulnerability with errordocument in .htaccess" on Solaris 2.x (fwd)
Date Wed, 08 May 1996 03:35:20 GMT
On Tue, 7 May 1996, Ben Laurie wrote:

> Hmm, yes. And it will almost certainly apply to 1.0.5. I imagine that other
> related attacks may be possible, too. We must view every open() with extreme
> cynicism. Perhaps we need a secure_open() function?

Maybe so, but doesn't apply to 1.0.5 at all. Allowing ErrorDocument in
.htaccess files is a 1.1 feature.

-- 
________________________________________________________________________
Alexei Kosut <akosut@nueva.pvt.k12.ca.us>      The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/
 
      "War does not determine who is right, only who is left."


Mime
View raw message