www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject Re: config/3033: module execution order
Date Wed, 23 Sep 1998 05:48:51 GMT
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]


Synopsis: module execution order

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Tue Sep 22 22:48:49 PDT 1998
State-Changed-Why:
Authentication has to come first to avoid revealing private
information.  If someone restricts access to an area, they
have restricted access to the area.  You have to access that
area to get "information" (in this case, a redirect), so
you require auth.

Say you were redirecting people to a ftp site with a login
and password and you wanted to require authentication
before you redirected them with that password.

Sure, there are examples where it would be useful to do it
the other way around but the basic concept that information
should not be revealed from a trusted area to a user that
shouldn't have access to that area.  Documents are not
the only form of information by any means.

As for executing things "in the order they appear in htaccess
files", this makes no sense and is completely unsupportable.
It may sound nice, but if you actually think about how it would
work it would be very ugly.
Release-Changed-From-To: 1.x-1. x
Release-Changed-By: marc
Release-Changed-When: Tue Sep 22 22:48:49 PDT 1998


Mime
View raw message