Joshua Slive wrote: > On 8/20/06, Carsten Wiedmann <[EMAIL PROTECTED]> wrote: > >> Ok. Then we can say: For some other reasons, it's not safe to make a >> ScriptAlias inside DirectoryRoot on *nix (it only looks as if it's safe). > > Yes, this is true. *Alias* do not do the canonicalization necessary > to assure they can't be bypassed. That applies to any filesystem. > The docs do make it clear in other places that the only safe way to > protect content in the filesystem is using <Directory>.
Ding ding ding. Now with some luck light bulbs will come on. Alias / ScriptAlias have (1) function which is to point the URI space into another filesystem space. If the content is under DocumentRoot there is no reason for alias.
