httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Wed, 14 Jan 1998 20:54:04 GMT

On Wed, 14 Jan 1998, Igor Tatarinov wrote:

> But why not do this checking in mod_auth ?
> or pcfg_openfile might be the right function to fix.

'cause it'd be nice to have the protection by default so that all modules
don't need to be changed.  But for modules that are clued-in and already
need stat() for other reasons (i.e. your caching module, and the core) we
should provide a disable option. 


View raw message