httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 57778] Effect of AddType should be documented in more detail
Date Tue, 28 Apr 2015 19:25:22 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=57778

--- Comment #5 from sebastian@pipping.org ---
(In reply to Eric Covener from comment #4)
> updated in r1675471, trunk only for now. I've tried to lead with the short
> form and warn at the end.

A lot better now.

For the

  Configurations that rely on such "synthetic" types should be avoided

a rationale would be cool.

On

  Additionally, configurations that restrict access to SetHandler
  or AddHandler should restrict access to this directive as well

I'm unsure what that really is about. If it means to say "AddType has the same
security implications as AddHandler (getting you into remote code execution);
you may want to use ForceType wrapped by FilesMatch, instead", that's the kind
of warning I hoped for.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message