httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lou Langholtz <>
Subject Re: configfile_t.param
Date Tue, 02 Jun 1998 01:35:16 GMT
> As I've said already:  there may not be a file descriptor.  There may not
> even be a filename, the name parameter is a descriptive text intended for
> human consumption (in error messages).  The method you're using won't work
> at all.  In fact it won't even compile in 1.3.0 because I made poolfile_t
> a private type in util.c... it shouldn't have been public, it is a private
> interface.

It seems like we're loosing something here that we dont want to lose
though. With all the hiding we should at least leave behind some
method pointers with which we can get info on the configuration
"objects" such as their type, and owner.

> I suspect that there's an entirely easier solution that isn't prone to
> security problems.  If this is crud in ~user URLs then just use the
> embedded user in the URL.  Otherwise it's probably crud under a
> /blah/blah/docroot/user hierarchy (where user may be a domain name) and
> you can compare against the uid of that file.  Without knowing a lot more
> about your application I can't say.
> Dean

The application is a module for logging on a per-directory basis.
The way I've set it up, users get to see accesses as they're handled
with all the per-hit relevant info possible in their own logs without
seeing everyone elses hits.

So how would you suggest doing it instead of the way I've gone about
describing? Certainly in the 1.3 line of apache this would be better
rolled into the existing logging module than having a seperate module
like it's currently. But what other mechanism besides using the htacces
file would you suggest to enable any directory to configure logging for
hits to files anywhere underneath it that could also be done by users

I'm stumped and intrigued now to find out ;-)

View raw message