On Wed, 25 Jun 2003, Glenn wrote:
> Ok. I can accept that, even though we're talking the default config
> for new installations. Security is my top priority and the Apache
> configuration is _very_ flexible and likewise _very_ complex. Until
> I slowly learned the Apache directives one by one a
On Wed, Jun 25, 2003 at 12:31:41PM -0400, Joshua Slive wrote:
> > Rather than rehashing the thread about default config files, how about
> > httpd.conf-compat? Or a comment at the top of httpd.conf-dist that says
> > "These defaults are aimed at compatibility with previous releases.
> > Look for c
On Wed, 25 Jun 2003, Glenn wrote:
> On Tue, Jun 24, 2003 at 08:08:22PM -0400, Joshua Slive wrote:
> > > - Changes defaults to disallow access to files unless explicitly allowed.
> >
> > Although this is, in general, a good idea, I think it would cause many
> > people to be confused. I don't think
Thanks for the comments.
On Tue, Jun 24, 2003 at 08:08:22PM -0400, Joshua Slive wrote:
> > - Changes defaults to disallow access to files unless explicitly allowed.
>
> Although this is, in general, a good idea, I think it would cause many
> people to be confused. I don't think it is a good idea
On Tue, 24 Jun 2003, Glenn wrote:
> Might be too late for 1.3.28, but I'd love some comments.
>
> - Changes defaults to disallow access to files unless explicitly allowed.
Although this is, in general, a good idea, I think it would cause many
people to be confused. I don't think it is a good ide
Might be too late for 1.3.28, but I'd love some comments.
- Changes defaults to disallow access to files unless explicitly allowed.
- Turns off CGICommandArgs
I haven't seen any scripts that still use this, but have come across
more than a handful of scripts that were vulnerable. And this is