httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Proxying subrequests
Date Mon, 29 Oct 2007 13:34:55 GMT

On Oct 28, 2007, at 4:12 AM, Niklas Edmundsson wrote:

> On Sat, 27 Oct 2007, Paul Querna wrote:
>
>> -0.9 on enabling this by default in mod_includes.  Make it  
>> possible to
>> turn it on via httpd.conf, but never on by default....
>
> I agree.
>
> And it should have huge warning signs, and a long descriptive name  
> that does not invite to "let's try this and see if it solves my  
> problem".
>
> Cross-site-include-holes are nasty, and I see it as a feature that  
> they are not "supported" ;)

I tend to agree... This seems to open up a huge can
of worms, and makes it v easy to people to use these "neat"
feature and open themselves up to all kinds of
nasty, nasty things.


Mime
View raw message