httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: more minor 2.0.31 breakage
Date Tue, 05 Feb 2002 14:10:46 GMT
* On 2002-02-05 at 09:06,
  Stas Bekman <stas@stason.org> excited the electrons to say:
> 
> On Tue, 5 Feb 2002, Rodent of Unusual Size wrote:
> 
> > No, because I've vetoed the 'fix' as a security violation.
> > Sorry..
> 
> So you say it's proper not to display a directory name if it requires 
> auth?

Correct.  Similarly (though I don't know if we do it
currently) we shouldn't list any files for which the
subrequest comes back with 'some auth required', 401,
or other indication that we don't have the proper
credentials to access them.  Such as files covered by
a <Files> block, for instance.
> 
> _____________________________________________________________________
> Stas Bekman             JAm_pH      --   Just Another mod_perl Hacker
> http://stason.org/      mod_perl Guide   http://perl.apache.org/guide
> mailto:stas@stason.org  http://ticketmaster.com http://apacheweek.com
> http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
> 

-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"

Mime
View raw message