Hi --
William A. Rowe, Jr. wrote:
> It so happens I'm starting one of those cycles again right now with the
> changes to the mis-handling of file matches that Nick(?) corrected in
> trunk, and I'll study your patch in tandem. Thanks for your work!!!
Much appreciated, but alas, Justin pointed
tor 2006-12-07 klockan 02:42 +0100 skrev Justin Erenkrantz:
> -1 on adding semantic junk to the existing ETag (and keeping it
> strong); that's blatantly uncool. Any generated ETag from mod_deflate
> should either be the original strong version or a weak version of any
> previous etag. mod_defla
tor 2006-12-07 klockan 02:31 +0100 skrev Justin Erenkrantz:
> mod_deflate should just add the W/ prefix if it's not already there. --
> justin
No, that won't work. You still be just as non-conforming by doing that.
But if mod_deflate may to produce different octet-level results on
different req
On Thu, 7 Dec 2006 14:54:57 -0800
Sander Temme <[EMAIL PROTECTED]> wrote:
>
> On Dec 7, 2006, at 2:12 PM, Roy T. Fielding wrote:
>
> > This is a bit unsettling, especially since I neither need nor want
> > any database-backed auth.
>
> That brings up two issues:
>
> 1) should this module be in
On Dec 7, 2006, at 2:12 PM, Roy T. Fielding wrote:
This is a bit unsettling, especially since I neither need nor want
any database-backed auth.
That brings up two issues:
1) should this module be in most, and
2) Yes we might consider turning down those log messages a bit
If the module works
Graham Dumpleton wrote:
Martin Stoufer wrote ..
Graham,
After pouring over the comments sent by you and Jim regarding my
session/class examples, I have a better feel for what is expected in
good coding models. Could you make some clarifications on one of the
examples you provided:
This is a bit unsettling, especially since I neither need nor want
any database-backed auth.
==
[Thu Dec 07 13:49:44 2006] [notice] Digest: generating secret for
digest authent
ication ...
[Thu Dec 07 13:49:44 2006] [notice] Digest: done
[Thu Dec 07 13:49:44 2006] [crit] (70023)This fu
Martin Stoufer wrote ..
> Graham,
> After pouring over the comments sent by you and Jim regarding my
> session/class examples, I have a better feel for what is expected in
> good coding models. Could you make some clarifications on one of the
> examples you provided:
>
> class SessionEnable
Graham,
After pouring over the comments sent by you and Jim regarding my
session/class examples, I have a better feel for what is expected in
good coding models. Could you make some clarifications on one of the
examples you provided:
class SessionEnabled:
def __init__(self, target):
Frank wrote:
> Joe Orton wrote:
>> Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
>> [...]
>
> I already know that this functions exists. But what if my module gets
> inited before mod_ssl, which doesn't use the get-functions to determine
> that something is already there? I was in the h
Frank wrote:
Joe Orton wrote:
On Wed, Dec 06, 2006 at 06:20:55PM +, Darryl Miles wrote:
[...]
Is there an API to get the current value ?
Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
[...]
I already know that this functions exists. But what if my module gets
inited before m
-0 here.
I don't see the point of earning 20 bytes per request when you can
save many more with mod_deflate or tidying the output. It's not the
job of the webserver. I won't veto it since you might find a use to
this feature if it is implemented, but it's like you also want to let
admins personali
Hi,
what the difference with no header and Header = "Server: Apache" without
version with "prod" args of servertoken...
if is to hide apache version only there no need to modify ServerToken
directive...
if is to hide apache completly ok...it's other problem...
but a security level i'm not sure
On 12/6/06, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
ons 2006-12-06 klockan 09:38 -0500 skrev Jeff Trawick:
> Why other than ego do we want to make it hard to disable this output?
Technical reason:
Not advertising the brand and version makes it very hard for clients
(user-agents and proxies
On 12/6/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Jim Jagielski wrote:
>>
>> *shrug* but as everyone seems to think that this is a good idea,
>> feel free to ignore my veto.
>>
>
> A Veto is a Veto. If you feel strongly enough about it, then
> it cannot be, and should not be, ignored.
On 12/6/06, Colm MacCarthaigh <[EMAIL PROTECTED]> wrote:
On Wed, Dec 06, 2006 at 01:43:49PM -0500, Jeff Trawick wrote:
> * The Apache HTTP Server project believes that most people who want to
> avoid sending the Server header mistakenly think that doing so may
> protect their server from attacks
16 matches
Mail list logo