-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 2:06 PM -0700 6/10/01, Paul Burney wrote:
>
> > GET /TeSt/index.html
>
>Though it causes a bit of a performance penalty, a .htaccess file in a
>protected directory will resolve that problem.
I'm actually more concerned about scripting directives. In
particular, things like:
<FilesMatch ".*\.epl$">
Options ExecCgi
AllowOverride AuthConfig FileInfo Indexes Limit Options
SetHandler perl-script
PerlHandler HTML::Embperl
</FilesMatch>
I assume that if someone goes to
foo.ePl
they are going to get the raw source code, and that is, needless to
say, a potentially huge security risk. (Yes, people *ought* to put
their secure information in libraries outside of the web tree,
but....)
- --
Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQA/AwUBOyUH2yZsPfdw+r2CEQLOfQCeLrH5M8OT6q6rVElT81CwHjOcdYwAn3Sy
+NFaRHcSK/ZRpuy9raGMF0as
=kCII
-----END PGP SIGNATURE-----
