[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-docs
Subject: Re: cvs commit: httpd-2.0/docs/manual/vhosts fd-limits.html.en
From: Tony Finch <dot () dotat ! at>
Date: 2002-06-17 0:00:21
[Download RAW message or body]
On Sun, Jun 16, 2002 at 06:55:45PM -0400, Joshua Slive wrote:
> Tony Finch wrote:
> > On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
>
> >>I guess you can put pretty much whatever you like in the Host: header.
> >>It is not a major security whole, in my opinion, but it is better not
> >>allowed.
> >
> > Before this hole was fixed in 1.3 it exposed the password file etc.
>
> I don't believe so. You could only write to files with the .log extension.
I was thinking of users of mod_vhost_alias -- perhaps I should have
checked what started this thread :-)
Tony.
--
f.a.n.finch <dot@dotat.at> http://dotat.at/
SOUTHEAST TRAFALGAR: NORTHERLY 3 OR 4. MAINLY FAIR. GOOD.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic