httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: Agenda for 1.2b7
Date Wed, 29 Jan 1997 17:51:09 GMT
On Wed, 29 Jan 1997, Randy Terbush wrote:

> > > Planning/design items:
> > > 
> > >     * Should we change the default timeout of 1200?
> > 
> > +1... Something like 400 or less?
> 
> +1  Is 180 unreasonably short?

I don't think 180 is unreasonably short if all the timers were
done 100% correctly everywhere.  I'm not convinced they are.  400 may be a
good compromise for now.

> 
> 
> > >     * do we want a half-hearted attempt at fixing logfile opening security
> > >       holes?  
> > 
> > I'd prefer not... I think the current method of heavy documentation
> > about the location of logfiles, and the actions to take, may be
> > the less risky option.
> 
> Agreed.

On the same token, you can argue that by adding the checks we just make it
a little bit harder for it to be exploited when people do it anyway and we
don't have the change the position of saying "no, that's insecure".


Mime
View raw message