httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: mod_status and not displaying the password in request
Date Fri, 30 Oct 1998 13:30:55 GMT
Rasmus Lerdorf wrote:
> > I'd really like to avoid Yet Another runtime directive that controls
> > this, but I think this capability should be the default. After all,
> > there is "lots" of sensitive data presented in the server-status
> > display, and no one should really be allowing the world to see what's
> > going on.
> What other sensitive information is there?  

Well, I consider things like the client's IP and the vhost itself
"sensitive" information. Heck, even the request itself could be
considered sensitive in that why should the world know that the
browser at was looking at '' and requesting
'GET /images/whatknockers.gif HTTP/1.0'

:) :) :)

   Jim Jagielski   |||   |||
            "That's no ordinary rabbit... that's the most foul,
            cruel and bad-tempered rodent you ever laid eyes on"

View raw message