httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Re: config/315: <LIMIT> causes two password queries unless given fqdn.
Date Sun, 06 Apr 1997 06:25:11 GMT
On Sat, 5 Apr 1997, Marc Slemko wrote:

[...]

> I was thinking more along the lines of sending a 301 right away instead of
> a 401 based on the authorization required for the parent directory.  If
> you treat "foo" as a file in the parent directory and "foo/" as a
> subdirectory, I think it makes sense to allow "access" (ie. a redirect) to
> "foo" if access would be granted to the parent of the foo directory.  

Ah, okay. That makes sense.

> I agree with you that doing what I suggest for _any_ directory would give
> away information that should not be given away.  As you also point out,
> implementation is another issue. 

Yes, it is. Apache doesn't treat ever treat directories (with or
without slashes) as files in the parent directory. So even if we
wanted to do this, the current setup doesn't give you access to the
per-dir setup for the parent directory, only the "child" one. You'd
have to do something like strip off the last path segment, feed it
back as a subrequest, and that could cause even worse problems, I
think.

Although that's just a first glance at an answer; I haven't checked
the code in great detail either.

-- 
________________________________________________________________________
Alexei Kosut <akosut@nueva.pvt.k12.ca.us>      The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/


Mime
View raw message