httpd-dev mailing list archives

From "Mikhail T." <mi+t...@aldan.algebra.com>
Subject Re: Resolved (sort of): Struggling with AuthMerging
Date Sat, 03 Aug 2013 20:20:13 GMT
03.08.2013 15:19, Eric Covener wrote:
> I didn't interpret his response that way. Those are modules that will
> create subrequests/internal redirects to new URIs that could have
> separate authz applied to them from the original URI --  you can't
> assume the server is any less interested in performing authz on them.
Ben's examples -- given in

CADkdwvRme0QObKdQVCjF+_h7St+CG8zDHhpnLXjup2V=KpQazQ@mail.gmail.com

-- were mod_autoindex and mod_dav_svn. Both -- as far as I understood --
used additional authz-checks when generating the /body/ of the response.
Not to decide whether to authorize the request itself, but to decide
what exactly to send back after the authorization already succeeded.

> The server can't tell the difference between that and
> your mod_actions internal redirect to a new URI -- they need to be
> checked.
Then, perhaps, there should be a way for me to tell the server that
such a decision can be made for a particular Location (or Directory, or
vhost).

Yours,

    -mi

