httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: FileSystem v.s. Other Resources [was configurable Location?]
Date Fri, 06 Feb 2004 15:47:42 GMT
William A. Rowe, Jr. wrote:
> At 12:17 PM 2/5/2004, Joshua Slive wrote:
>>>I do, however, agree that doing a directory-walk on virtual resources is
>>>not nice.  But my opinion is that "virtualness" is a property of the
>>>resource, and hence should be designated when selecting the resource.
>>>That is why I suggested changing SetHandler rather than <Location>.
>>And perhaps I'm going way off in left field here, but why should this be
>>user-configurable at all?  Shouldn't the (for example) server-status
>>handler know itself that it is a virtual handler, and therefore indicate
>>that the directory-walk should be skipped?
> For example, yes.  But on the other hand, what prevents someone from
> removing the server-status handler in the fixups phase and tricking us into
> serving a file.

sounds like we're getting into defense mechanisms against hypothetical malicious 
modules...  a loosing battle IMO

> I'd like to see the default handler entirely detached from the request if the
> dir_walk code has been bypassed.

if it's zero cost/dirt cheap in mainline code, I don't mind.


View raw message