httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Havard" <>
Subject Re: Plugging nice big security hole (OS/2)
Date Tue, 21 Jul 1998 01:34:57 GMT
On Mon, 20 Jul 1998 09:17:33 -0700 (PDT), Dean Gaudet wrote:

>If people would just read the goddamn documentation they'd see that
><Location> protects URLs and shouldn't be used for filesystem protection
>at all.
>People using a <Location> that results in the default handler or any
>"filesystem" handler deserve the trouble they get.

It concerned me because if I protect the URL
with a <Location /bar/private> block I can bypass it by entering the URL

If you're saying that <Location> blocks shouldn't be used this way that's
fine by me.

 |  Brian Havard                 |  "He is not the messiah!                   |
 |  |  He's a very naughty boy!" - Life of Brian |

View raw message