httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: mod_autoindex vs. auth'd directories
Date Mon, 15 Apr 2002 12:53:10 GMT
At 12:57 AM 4/15/2002, you wrote:
>On Mon, Apr 15, 2002 at 12:55:17AM -0400, Tom Howell-Cintron wrote:
> > I'm posting this to the list as I'm not sure whether it's a bug or a
> > feature, and I am quite certain that the powers that be would rather I not
> > clutter up Bugzilla.  If it is a bug I'll report it properly.. if not, my
> > apologies. =)
>
>As you guessed, it's a conscious decision.
>
>I don't agree, but there are way more committers who like this
>feature.  I hate it.
>
>IMHO, security by obscurity doesn't help.  -- justin

Then keep this default, and consider returning entries with more status
result codes by an optional directive.

Heck, you could even add a 'lock' icon to indicate auth required :-)

Oftentimes the listing of secured resources alone reveals more information
than you should share.  For that matter, Alias'ed resources never showed
up within autoindex lists.  So it's never been 'Complete' in the first place.

Bill


Mime
View raw message