DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20973>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20973 Runtime config for CGI authorization Summary: Runtime config for CGI authorization Product: Apache httpd-2.0 Version: 2.0.46 Platform: All URL: (none) OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: mod_cgi AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Please consider adding a runtime configuration directive along the lines of the current compile-time SECURITY_HOLE_PASS_AUTHORIZATION script. There is currently no way to author scripts that do authentication - short of recompiling Apache, which many are reluctant to do (for good reasons, eg. keeping package managers happy). Passing authentication is by no means *always* a security hole or even an important issue and authors may have a good reason for wanting it. Eric's patch (http://www.w3.org/1999/02/26-modules/User/Apache-defer-auth.html) is great, but probably needs a more fearsome name than 'PassAuth'. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
