httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)
Date Sat, 13 Dec 2008 05:41:43 GMT
On Fri, Dec 12, 2008 at 7:44 PM, Christopher Drost
<chris.drostie@gmail.com> wrote:
> Go ahead, try it. I did. Right now http://drostie.org/symlink/ is a
> symlink pointing to the folder /hidden, which is very far away from my
> DocumentRoot. It could (and did) point to my root directory at some
> point. And the symlink was created without sudo or root privileges by
> my normal account. The <Directory /> directive didn't stop anything.
> Because the person who wrote this Security Tip didn't read
> mod/core.html#options.

It seems like the introductory text in the security tips section is
okay, but the example chosen to illustrate the "normal URL mapping
rules" is unfortunately chosen.(symlink) to illustrate  the "default
to no access" directory container.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message