httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: cvs commit: apache-1.3/src/main http_core.c
Date Fri, 03 Jul 1998 23:14:56 GMT
Marc Slemko wrote:
> 
> Note that this introduces a security problem in that many users use
> something other than the uppercase method name in their config files.
> Previously it worked; this will magically stop authentication from being
> required for them.  That is bad.

Not as bad as you might think; the bad method names will cause
configuration errors and show up in the error log.  If in the
server conf files, the server won't even start.

I'm making a note in the upgrading* document regardless, and
I think this thing in particular should be mentioned in the 1.3.1
announcement message.

Being conditionally bad or knowingly incorrect.. I prefer the
former, I think.

#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

Mime
View raw message