httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: RFC: UserDir off by default for 2.1/2.2
Date Wed, 30 Mar 2005 15:49:06 GMT
On Wed, 30 Mar 2005 17:33:58 +0200, André Malo <nd@perlig.de> wrote:
> * Joe Orton wrote:
> 
> > Enabling UserDir by default can allow remote users to determine whether
> > a given username is valid on the system or not, even if no users have a
> > public_html directory, from the difference between a 403 from a chmod
> > 700 /home/realuser and a 404 from not finding /home/nosuchuser.
> >
> > After a few iterations which did confuse people, we ended up using text
> > like this for the default Red Hat-packaged httpd.conf:
> 
> +1 (and don't forget the windows default config)

+1 here as well

Mime
View raw message