httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Jones" <b...@fccj.org>
Subject Re: POST is not allowed
Date Fri, 11 Jun 1999 00:12:41 GMT
>From: Rasmus Lerdorf <rasmus@raleigh.ibm.com>

>> Yes, set ScriptAlias for each directory you
>> wish to give your end-users the ability to
>> execute scripts within.
>
> This is the wrong place for this, but the above assertion is incorrect.
> Being allowed to POST to a resource and whether ScriptAlias is set is not
> related.  For example, PHP scripts can live anywhere in your web tree and
> you can POST to them easily.  You do not need to ScriptAlias all the dirs
> that contain PHP scripts for this to work.  In fact, you don't need to do
> anything.
>

Well that's a big security hole.
I'll have to test this...

-Sneex- :]

Mime
View raw message