httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: Exposed path in response code 500 messages
Date Wed, 14 Oct 1998 05:50:19 GMT
At 06:10 PM 10/13/98 -0500, Manoj Kasichainula wrote:
>What does everybody think of the bug reports complaining about path
>names exposed in code 500 responses? I'm tempted to say that the
>webmasters should fix their error 500 problems, but these messages can
>be spit out because of user CGI scripts, which expose the whole
>server. But, turning off error-notes for error 500 loses one of the
>main advantages of error-notes, and this exposure doesn't really seem
>that serious.

Personally, I don't believe the security advantages of not showing the
pathname (I concede there is an advantage) is worth the tradeoff in being
less easy to debug & learn from.


Where will YOU be Oct 14-16?                   |
ApacheCon '98!     |

View raw message