[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-docs
Subject:    Re: cvs commit: httpd-2.0/docs/manual/vhosts fd-limits.html.en
From:       Tony Finch <dot () dotat ! at>
Date:       2002-06-17 0:00:21
[Download RAW message or body]

On Sun, Jun 16, 2002 at 06:55:45PM -0400, Joshua Slive wrote:
> Tony Finch wrote:
> > On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
> 
> >>I guess you can put pretty much whatever you like in the Host: header. 
> >>It is not a major security whole, in my opinion, but it is better not 
> >>allowed.
> > 
> > Before this hole was fixed in 1.3 it exposed the password file etc.
> 
> I don't believe so.  You could only write to files with the .log extension.

I was thinking of users of mod_vhost_alias -- perhaps I should have
checked what started this thread :-)

Tony.
-- 
f.a.n.finch <dot@dotat.at> http://dotat.at/
SOUTHEAST TRAFALGAR: NORTHERLY 3 OR 4. MAINLY FAIR. GOOD.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]