httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject [Vote] .htaccess logic abuse
Date Fri, 18 Nov 2011 22:38:14 GMT
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@.  So I'll simply call for
a majority vote on the following statement...

Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;

   [ ]  Represents a security defect
   [ ]  Is not a security defect

This would obviously need to be clarified in the associated .htaccess
documentation, be associated with an advisory and affect the conclusion
of several recent defect reports, both embargoed and discussed plainly
here on this list.

View raw message