httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Finch <...@dotat.at>
Subject Re: cvs commit: httpd-2.0/docs/manual/vhosts fd-limits.html.en
Date Mon, 17 Jun 2002 00:00:21 GMT
On Sun, Jun 16, 2002 at 06:55:45PM -0400, Joshua Slive wrote:
> Tony Finch wrote:
> > On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
> 
> >>I guess you can put pretty much whatever you like in the Host: header. 
> >>It is not a major security whole, in my opinion, but it is better not 
> >>allowed.
> > 
> > Before this hole was fixed in 1.3 it exposed the password file etc.
> 
> I don't believe so.  You could only write to files with the .log extension.

I was thinking of users of mod_vhost_alias -- perhaps I should have
checked what started this thread :-)

Tony.
-- 
f.a.n.finch <dot@dotat.at> http://dotat.at/
SOUTHEAST TRAFALGAR: NORTHERLY 3 OR 4. MAINLY FAIR. GOOD.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message