httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Astrid Ke├čler <k...@kess-net.de>
Subject Re: RFC: UserDir off by default for 2.1/2.2
Date Fri, 01 Apr 2005 19:12:02 GMT
JO> Enabling UserDir by default can allow remote users to determine whether
JO> a given username is valid on the system or not, even if no users have a
JO> public_html directory, from the difference between a 403 from a chmod
JO> 700 /home/realuser and a 404 from not finding /home/nosuchuser.

JO> After a few iterations which did confuse people, we ended up using text
JO> like this for the default Red Hat-packaged httpd.conf:

+1 on patch

Kess


Mime
View raw message