httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject mod_status and not displaying the password in request
Date Fri, 30 Oct 1998 13:22:06 GMT
I'm working on a little patch that basically adds request_rec to the score-
board and enhances and speeds up things a bit.

Right now, the server status report will not display the password in
the request. I can certainly understand why. However, one big use of
the server status is to actually do some debugging and to actually
SEE what Apache is doing. To my mind, it makes "more sense" that
the status display should not edit out information... it's quite
possible that people want to see the exact request requested.

I'd really like to avoid Yet Another runtime directive that controls
this, but I think this capability should be the default. After all,
there is "lots" of sensitive data presented in the server-status
display, and no one should really be allowing the world to see what's
going on.

Comments?
-- 
===========================================================================
   Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
            "That's no ordinary rabbit... that's the most foul,
            cruel and bad-tempered rodent you ever laid eyes on"

Mime
View raw message