httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.org>
Subject Re: Exposed path in response code 500 messages
Date Wed, 14 Oct 1998 05:50:19 GMT
At 06:10 PM 10/13/98 -0500, Manoj Kasichainula wrote:
>What does everybody think of the bug reports complaining about path
>names exposed in code 500 responses? I'm tempted to say that the
>webmasters should fix their error 500 problems, but these messages can
>be spit out because of user CGI scripts, which expose the whole
>server. But, turning off error-notes for error 500 loses one of the
>main advantages of error-notes, and this exposure doesn't really seem
>that serious.

Personally, I don't believe the security advantages of not showing the
pathname (I concede there is an advantage) is worth the tradeoff in being
less easy to debug & learn from.

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
Where will YOU be Oct 14-16?                   |     brian@apache.org
ApacheCon '98!   http://www.apachecon.com/     |  brian@hyperreal.org


Mime
View raw message