httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas George" <tgeo...@ibaset.com>
Subject RE: [users@httpd] Recompiling Without HTTP TRACE
Date Wed, 03 Dec 2003 16:04:12 GMT
Joshua,

It's not a choice I get to make.

Our security group follows policies given to them by the federal government,
and HTTP TRACE has been identified as a vulnerability; maybe they know
something I don't...?

Anyhow, I still would like to know if it's possible to turn it off during
compilation, and how to do it.

Thanks,

Thomas


-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca] 
Sent: Monday, December 01, 2003 6:11 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Recompiling Without HTTP TRACE


On Mon, 1 Dec 2003, Thomas George wrote:
> I'm not really familiar with the map_to_storage hook, or why it wouldn't
> make sense to disable a potential security vulnerability if I don't need
it
> (please let me know your thoughts on this).

Read the links in the email that I sent you.  You will find that TRACE is
not a security vulnerability (real or potential).

If you don't feel like reading the apache source code, I recommend you
don't plan on mucking with it.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message