On Tue, 24 Jun 2003, Glenn wrote:

> Might be too late for 1.3.28, but I'd love some comments.
>
> - Changes defaults to disallow access to files unless explicitly allowed.

Although this is, in general, a good idea, I think it would cause many people to be confused. I don't think it is a good idea to change it this late in the 1.3 series (even if it is only the default config file).

> - Turns off CGICommandArgs

+1, but only if this directive is documented in the manual. I see nothing on it at the moment. (Obviously that's not your fault.)

> - On unix httpd-conf-dist, does not allow Emacs autosave or temporary files
> to be served (along with not allowing .ht* files). Emacs keeps the same
> permission on its temp files, which is a poor choice. (vi restricts
> permission to owner on its .swp files.) Also gives a commented out example
> that additionally disallows *.bak, *.old, *.so, *.a, and *.o files.

I'm fine with the example, but I don't like enabling that by default. It will cause too much confusion for too little gain. (It is an ugly-looking regex and will inevitably hit some people who don't expect it.)

Joshua.
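An added example, not part of the original thread or of Apache's shipped configuration: a small audit that walks a document root and reports which files the two kinds of rule discussed above would block, so an administrator can see the effect before enabling them. The regexes are assumptions (the pattern in the proposed config is not shown in the message), and the function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumed patterns; the regex in the proposed httpd.conf is not shown in the thread.
# "default": .ht* files plus Emacs backup (name~), autosave (#name#), lock (.#name).
DEFAULT_DENY = re.compile(r"^\.ht|~$|^#.*#$|^\.#")
# "optional": the commented-out example (*.bak, *.old, *.so, *.a, *.o).
OPTIONAL_DENY = re.compile(r"\.(bak|old|so|a|o)$")


def classify(name):
    """Return 'default', 'optional' or None for a file basename."""
    if DEFAULT_DENY.search(name):
        return "default"
    if OPTIONAL_DENY.search(name):
        return "optional"
    return None


def audit(docroot):
    """Walk docroot; return {relative_path: rule} for every file a rule would block."""
    hits = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            rule = classify(name)
            if rule:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits[rel.replace(os.sep, "/")] = rule
    return hits


def build_sample_tree(root):
    """Create a constructed sample document root (file names are made up)."""
    names = ["index.html", "index.html~", "#index.html#", ".htaccess",
             "config.php.bak", "downloads/mod_example.so", "downloads/readme.txt"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path, rule in sorted(audit(root).items()):
            print(f"{rule:8} {path}")
```

In the sample tree the optional rule also matches `downloads/mod_example.so`, a file that was placed there to be downloaded.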
