-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 2:06 PM -0700 6/10/01, Paul Burney wrote: > > > GET /TeSt/index.html > >Though it causes a bit of a performance penalty, a .htaccess file in a >protected directory will resolve that problem. I'm actually more concerned about scripting directives. In particular, things like: <FilesMatch ".*\.epl$"> Options ExecCgi AllowOverride AuthConfig FileInfo Indexes Limit Options SetHandler perl-script PerlHandler HTML::Embperl </FilesMatch> I assume that if someone goes to foo.ePl they are going to get the raw source code, and that is, needless to say, a potentially huge security risk. (Yes, people *ought* to put their secure information in libraries outside of the web tree, but....) - -- Kee Hinckley - Somewhere.Com, LLC http://consulting.somewhere.com/ I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBOyUH2yZsPfdw+r2CEQLOfQCeLrH5M8OT6q6rVElT81CwHjOcdYwAn3Sy +NFaRHcSK/ZRpuy9raGMF0as =kCII -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 13:08:20 PDT