httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Wed, 14 Jan 1998 20:54:04 GMT


On Wed, 14 Jan 1998, Igor Tatarinov wrote:

> But why not do this checking in mod_auth ?
> or pcfg_openfile might be the right function to fix.

'cause it'd be nice to have the protection by default so that all modules
don't need to be changed.  But for modules that are clued-in and already
need stat() for other reasons (i.e. your caching module, and the core) we
should provide a disable option. 

Dean


Mime
View raw message