httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: FollowSymLinks rationale?
Date Sun, 25 Aug 1996 14:17:37 GMT
> Why is it that FollowSymLinks is switchable?
> 
> Cheers,
> 
> Ben.


Should be "off" by default.

Allows the server to traverse links.

Allows badguy to create links from ~/public_html/root -> /


I can't imagine setting this without "IfOwnerMatch". If my memory
serves, at one time SymLinksIfOwnerMatch did not imply FollowSymLinks
which should probably be considered a bug.  Looking at set_options()
this appears to still be true.



Mime
View raw message