httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH] 1.3: htdocs/manual/cygwin.html and references to it
Date Wed, 27 Jun 2001 16:16:53 GMT
From: "Stipe Tolj" <tolj@wapme-systems.de>
Sent: Wednesday, June 27, 2001 4:37 AM


> > Are the canonical file names and aliasing fully addressed, or is there a possibility
> > of a user asking for /manyfi~1/ rather than /manyfiles/ to circumvent any <Directory >
> > restrictions?
>
> you are right, it is possible to circumvent security settings using that mechanism, shame
> on me!!
>
> I have posted a bug report and will fix this ASAP. Have you any suggestions where to look
> for, so I speed up the fix?!

It possibly makes more sense simply to disable aliases on a cygwin-ed system.  If you search
microsoft.com for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem you
will find a bunch of useful info.

Two warnings. One, you can't assume that a short~1.nam contains a '~', since that can
be turned off and is never used on Novell and some other network agents.  Second,
because of all the other 'uncanonical' ways MS munges names (mapping trailing
periods and spaces to nothing, and accepting them always), you may need to simply
get the file listing and compare the strings.  In short, it sucks.

I'd like to change your comment slightly, to suggest something like

"The Win32 port of Apache is built on its own, custom code within Apache to assure
compliance with the Windows operating systems.  While it is considered release quality,
it is slower and less thoroughly tested than the Unix ports.  The Cygwin alternative
uses the well-tested Unix code, but may suffer from gaps in security or reliability
due to the interaction of the Cygwin compatibility layer to the native Windows API,
and is therefore considered beta quality at present.  The Cygwin port is provided
particularly to assist developers from Unix, or targeting Unix, by offering a
near-identical implementation of the Unix Apache server.  The Win32 port is
recommended for all production sites on Windows NT and Windows 2000 servers."

Could you live with that summary?

Bill
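
The "get the file listing and compare the strings" check suggested in the message above, as an added example; it is not code from this thread or from Apache, and the function names, buffer sizes and the constructed sample tree are assumptions. It refuses any spelling that differs from the listing, so a short alias without a '~', a trailing period or space, and a case variant are all rejected the same way.

```c
/* Added example, not Apache code: a request path is accepted only if every
 * component is spelled exactly as the parent directory's listing reports it. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Return 1 if `name` is byte-for-byte one of the entries listed in `dir`. */
static int listed_exactly(const char *dir, const char *name)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int found = 0;
    if (!d) return 0;
    while (!found && (e = readdir(d)) != NULL)
        found = (strcmp(e->d_name, name) == 0);
    closedir(d);
    return found;
}

/* Walk `rel` (slash-separated, below `root`) one component at a time. */
int path_is_canonical(const char *root, const char *rel)
{
    char cur[4096], comp[256];
    if (strlen(root) >= sizeof cur) return 0;
    strcpy(cur, root);
    while (*rel) {
        size_t n = strcspn(rel, "/"), used = strlen(cur);
        if (n == 0) { rel++; continue; }            /* skip empty component */
        if (n >= sizeof comp || used + n + 2 > sizeof cur) return 0;
        snprintf(comp, sizeof comp, "%.*s", (int)n, rel);
        /* readdir lists "." and "..", but neither is a canonical name */
        if (!strcmp(comp, ".") || !strcmp(comp, "..")) return 0;
        if (!listed_exactly(cur, comp)) return 0;
        snprintf(cur + used, sizeof cur - used, "/%s", comp);
        rel += n;
    }
    return 1;
}

/* Constructed sample tree <root>/manyfiles; returns 0 on success. */
int build_sample(const char *root)
{
    char sub[4096];
    snprintf(sub, sizeof sub, "%s/manyfiles", root);
    return ((mkdir(root, 0700) && errno != EEXIST) ||
            (mkdir(sub, 0700) && errno != EEXIST)) ? -1 : 0;
}
```

On a filesystem that resolves aliases, opening the alias would succeed, but the listing still reports only the long name, so the comparison fails and the request can be refused before any <Directory> matching is done.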


