William A. Rowe, Jr. wrote: > Ivan Zhakov wrote: > >> * is it possible to remove APR_FILEPATH_TRUENAME argument in the trunk >> of Apache HTTP Server? (see attached patch) > > -1, veto for such a change. > > Change this and httpd and even third party modules can ultimately discover > their configuration file is invalid, leading to security exposures.
FWIW - I'm willing to entertain a change to record each failed true name resolution lookup in the error log (Failed to resolve true pathname of C:\ABC, file permissions problem?). This will become extremely noisy in the error log very quickly when it happens several times per request, but I suspect it's better than failure that admins can't explain.
