httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: workaround for encoded slashes (%2f)
Date Fri, 01 Nov 2002 20:57:19 GMT
"William A. Rowe, Jr." wrote:
> Yes, it's a veto to introduce a security hole as a 'starting point' that
> someone might get around to cleaning up later.

demonstrate that it is a security hole in the server.
if you cannot demonstrate that this opens the server to
client-side attack, i do not regard the above as a valid
technical justification, and do not recognise the veto.
vetos require technical justification, not opinion.

show me that this opens the server to attack, and i'm there.

View raw message