httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: workaround for encoded slashes (%2f)
Date Fri, 01 Nov 2002 20:57:19 GMT
"William A. Rowe, Jr." wrote:
> 
> Yes, it's a veto to introduce a security hole as a 'starting point' that
> someone might get around to cleaning up later.

demonstrate that it is a security hole in the server.
if you cannot demonstrate that this opens the server to
client-side attack, i do not regard the above as a valid
technical justification, and do not recognise the veto.
vetos require technical justification, not opinion.

show me that this opens the server to attack, and i'm there.

Mime
View raw message