httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: cvs commit: apache-1.3 STATUS
Date Tue, 05 May 1998 03:52:07 GMT
On Mon, 4 May 1998, Jim Jagielski wrote:

> Sorry if I wasn't clear... for the config-files, it's most likely
> safe and "best" to only allow for /dev/null and no other device
> files. Since ap_pcfg_openfile() is only done for config files, it's
> not a big deal doing the fstat and is, in fact, wise, hence the
> smiley

Except that "config files" include htaccess files and other files that are
opened, right?

The extra effort for htaccess files can be written off by claiming
(probably validly) that you already have far more overhead by opening the
htaccess files and people should simply move the htaccess to the *.conf
files.  Stuff like htpasswd files aren't the same.

View raw message