Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 13886 invoked from network); 5 Feb 2004 14:34:16 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 5 Feb 2004 14:34:16 -0000 Received: (qmail 3284 invoked by uid 500); 5 Feb 2004 14:09:28 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 3216 invoked by uid 500); 5 Feb 2004 14:09:28 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 3163 invoked from network); 5 Feb 2004 14:09:27 -0000 Received: from unknown (HELO secure.exclamationlabs.net) (66.77.29.186) by daedalus.apache.org with SMTP; 5 Feb 2004 14:09:27 -0000 Received: from modperlcookbook.org (pcp05675728pcs.walngs01.pa.comcast.net [69.139.161.218]) (authenticated (0 bits)) by secure.exclamationlabs.net (8.11.6/8.11.6) with ESMTP id i15E9Sm24307 for ; Thu, 5 Feb 2004 08:09:28 -0600 Message-ID: <40224E92.20902@modperlcookbook.org> Date: Thu, 05 Feb 2004 09:09:22 -0500 From: Geoffrey Young User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: FileSystem v.s. Other Resources [was configurable Location?] References: <4021669F.1060904@apache.org> <6.0.2.0.2.20040204163353.0441dec0@pop3.rowe-clan.net> In-Reply-To: <6.0.2.0.2.20040204163353.0441dec0@pop3.rowe-clan.net> X-Enigmail-Version: 0.71.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N > Let's do this in 2.1 by splitting out the file system, > and if the filesystem module isn't handling a request, it won't be serving > content but also won't be invoking the directory walk or stat-ing files. this all sounds kinda interesting, and similar to the way auth has been set up in 2.1 - more directives and modules, but more flexibility and power. > > Oh last observation - it should become (in 2.1) nearly impossible for folks > to just bork around with the contents of r->filename and r->finfo, first by > stripping them from the request rec, and second by providing an API to > the filesystem module that lets another module link into another file. > That API would prevent module authors from bypassing the filesystem > module's internal security. this has come up before, and I'd love to see an API that prevents accidental disagreement between r->filename and r->finfo (for one). IIRC, there was supposed to be some discussion at the hackathon about this, but it sounds like I didn't miss it :) --Geoff