httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: notes on 1.1b4 authorization and table_set() function calls. (fwd)
Date Tue, 25 Jun 1996 19:35:50 GMT
Anyone know anything about this (the second paragraph)? I don't use
Windows, so have no experience with any of this. It sounds like the
Windows/Keep-Alive bug we've seen sometimes, but that part about "no
evidence of a connection" is somewhat startling. Any ideas?

-- Alexei Kosut <>            The Apache HTTP Server

---------- Forwarded message ----------
Date: Mon, 24 Jun 1996 20:30:35 -0400
From: Vivek Khera <>
To: Alexei Kosut <>
Subject: Re: notes on 1.1b4 authorization and table_set() function calls. (fwd) 

| It might seem to make sense, indeed, it would, as you say, reduce load on
| the authorization database. However, it would be a security hole: If the
| server returned a Not Found error prior to returning an Authentication
| Required error, a potential hacker might be able to get a map of all the

Gotcha.  I didn't think of that one.  Thanks for responding.  

It looks like 1.1b4 is still suffering the "lost connections" problem as with
1.1b3 -- every so often, a request from a Windows based machine just drops off
the network.  The netscape client on the windows machine says "host contacted
waiting for reply" but netstat on the server shows no evidence of a
connection, nor do the access or error logs show anything.  1.1b2 did not have
this problem.  It is hard to reproduce as it can happen at any time to any
request.  Other people reported it on the newsgroup, and backing out to 1.1b2
does make it work just fine.  I can't see anything in the Apache code that
should make it fail.  I'll bet anything it is a Windoze bug, but that means
the rest of the world needs to work around it. ;-)

I'm on BSD/OS 2.1 with all patches, and Apache 1.1b4.


View raw message