httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mads Toftum <m...@toftum.dk>
Subject Re: Suggestion for security tips page.
Date Wed, 28 Jan 2004 13:46:05 GMT
On Wed, Jan 28, 2004 at 08:38:36AM -0500, Rich Bowen wrote:
> I'm somewhat torn on this one. a rule like this encourages people to do
> stupid things. Don't edit files on the live server.
> 
Edit it offline and do a recursive copy and the problem will be the
same - either way, I think there's plenty of these that inadvertently
end up where they shouldn't be.

> On the other hand, it is an important security consideration.
> 
Exactly.

> On the other hand (running out of hands here) where do we draw the line.
> Do we need a rule for vi swap files? MS Word swap files? Pico swap
> files?
> 
We already have IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
Maybe that is a good measure of files you probably don't want to 
serve? 
If we don't put it in the default conf, then we should at least put
it in the security doc.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message