httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: cvs commit: apache-1.3 STATUS
Date Tue, 05 May 1998 05:00:30 GMT
At 09:52 PM 5/4/98 -0600, Marc Slemko wrote:
>On Mon, 4 May 1998, Jim Jagielski wrote:
>> Sorry if I wasn't clear... for the config-files, it's most likely
>> safe and "best" to only allow for /dev/null and no other device
>> files. Since ap_pcfg_openfile() is only done for config files, it's
>> not a big deal doing the fstat and is, in fact, wise, hence the
>> smiley
>Except that "config files" include htaccess files and other files that are
>opened, right?
>The extra effort for htaccess files can be written off by claiming
>(probably validly) that you already have far more overhead by opening the
>htaccess files and people should simply move the htaccess to the *.conf
>files.  Stuff like htpasswd files aren't the same.

I think the extra stat is well worth it for .htpasswd files.


pure chewing satisfaction                        

View raw message