Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0D585715F for ; Sat, 19 Nov 2011 16:56:58 +0000 (UTC) Received: (qmail 56765 invoked by uid 500); 19 Nov 2011 16:56:57 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 56703 invoked by uid 500); 19 Nov 2011 16:56:57 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 56695 invoked by uid 99); 19 Nov 2011 16:56:57 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 19 Nov 2011 16:56:57 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of h.reindl@thelounge.net designates 91.118.73.15 as permitted sender) Received: from [91.118.73.15] (HELO mail.thelounge.net) (91.118.73.15) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 19 Nov 2011 16:56:50 +0000 Received: from srv-rhsoft.rhsoft.net (openvpn-241.thelounge.net [10.0.0.241]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id 209E89A for ; Sat, 19 Nov 2011 17:56:29 +0100 (CET) Message-ID: <4EC7DFBC.5050908@thelounge.net> Date: Sat, 19 Nov 2011 17:56:28 +0100 From: Reindl Harald Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110930 Thunderbird/7.0.1 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: [Vote] .htaccess logic abuse References: <4EC6DE56.9020701@rowe-clan.net> <4EC7DD0A.2040302@beamartyr.net> In-Reply-To: <4EC7DD0A.2040302@beamartyr.net> X-Enigmail-Version: 1.3.3 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig99C8D047568E84805F5E36A0" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig99C8D047568E84805F5E36A0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 19.11.2011 17:44, schrieb Issac Goldstand: > On 19/11/2011 00:38, William A. Rowe Jr. wrote: >> Resource abuse of an .htaccess config in the form of >> cpu/memory/bandwidth; >> >> [ ] Represents a security defect >> [X] Is not a security defect > The sysadmin knows best. If it's a problem, disable it (or the > problematic type of directives via Options) on your system. +1 where not everybody has the permissions to write .htaccess it is absolutly no problem, there where foreigen people can create such files the admin should know what he does inclduing every single option in httpd-configuration has as example the side-effect taht after a restart opcode-caches are empty which hurts more than .htaccess --------------enig99C8D047568E84805F5E36A0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7H37wACgkQhmBjz394AnnUPgCeJk6u4pBX1mk3ThkQtZ5lk/mz T08An2cQqpSnKbhkiOZo6PyhFQlxFY7t =rv8y -----END PGP SIGNATURE----- --------------enig99C8D047568E84805F5E36A0--