httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rasmus Lerdorf <ras...@lerdorf.on.ca>
Subject Re: mod_status and not displaying the password in request
Date Fri, 30 Oct 1998 13:37:09 GMT
> Well, I consider things like the client's IP and the vhost itself
> "sensitive" information. Heck, even the request itself could be
> considered sensitive in that why should the world know that the
> browser at 207.207.111.2 was looking at 'www.biguns.com' and requesting
> 'GET /images/whatknockers.gif HTTP/1.0'

No fair!  http://www.biguns.com/images/whatknockers.gif doesn't exist.  If
you want your argument to hold any water you need to use real data!  ;)

I still consider that information somewhat less sensitive than a password
that will let someone into a protected area of the site and potentially
execute transactions or whatever else might go along with that.

-Rasmus


Mime
View raw message