On Wed, 25 Jun 2003, Glenn wrote:
Ok. I can accept that, even though we're talking the default config
for new installations. Security is my top priority and the Apache
configuration is _very_ flexible and likewise _very_ complex. Until
I slowly learned the Apache directives one by one and
Thanks for the comments.
On Tue, Jun 24, 2003 at 08:08:22PM -0400, Joshua Slive wrote:
- Changes defaults to disallow access to files unless explicitly allowed.
Although this is, in general, a good idea, I think it would cause many
people to be confused. I don't think it is a good idea to
On Wed, Jun 25, 2003 at 12:31:41PM -0400, Joshua Slive wrote:
Rather than rehashing the thread about default config files, how about
httpd.conf-compat? Or a comment at the top of httpd.conf-dist that says
These defaults are aimed at compatibility with previous releases.
Look for commented
Might be too late for 1.3.28, but I'd love some comments.
- Changes defaults to disallow access to files unless explicitly allowed.
- Turns off CGICommandArgs
I haven't seen any scripts that still use this, but have come across
more than a handful of scripts that were vulnerable. And this is
On Tue, 24 Jun 2003, Glenn wrote:
Might be too late for 1.3.28, but I'd love some comments.
- Changes defaults to disallow access to files unless explicitly allowed.
Although this is, in general, a good idea, I think it would cause many
people to be confused. I don't think it is a good idea