httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCarthaigh <c...@stdlib.net>
Subject Re: [vote] 2.1.9 as beta
Date Wed, 02 Nov 2005 19:46:10 GMT
On Wed, Nov 02, 2005 at 01:10:09PM -0600, William A. Rowe, Jr. wrote:
> Well if you see only one way to fix it, yes, 

The only viable way anyway. I've been looking at this for a few months,
since I first reported to security@apache.org (still waiting on a
response) and have tried to construct the logic on the authz side, but
it would require quite a complex ACL compiler and even then would not
solve the problem of Deny statements being added while content was
already cached.

> I'm guessing it all remains at an impass for the next few years.
> You've claimed this is a bug, I claim you propose an enhancement.  But
> I see merit in the desire to restrict content based on physical authz
> topography (not on user based authnz which is already defined by http
> caching headers.)  Also I suspect that there are 'other ways', not
> simply one way.

Great!

> In any case, there's nothing in STATUS and I was prepared to see where
> the discussion last ended, but didn't have time today to start
> trawling through the maillist archives.  Try adding an entry in STATUS
> when an issue needs to be addressed.

I'll add one now. 

-- 
Colm MacCárthaigh                        Public Key: colm+pgp@stdlib.net

Mime
View raw message