[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-issues
Subject:    =?UTF-8?B?W0lzc3VlIDIxODJdICBFcnJvci9ub24tZXhpc3RhbnQgYXV0aCBmaQ==?=
From:       maxb () tigris ! org
Date:       2004-12-27 23:10:46
Message-ID: 20041227231046.16383.qmail () tigris ! org
[Download RAW message or body]

http://subversion.tigris.org/issues/show_bug.cgi?id=2182






------- Additional comments from maxb@tigris.org Mon Dec 27 15:10:46 -0800 2004 -------
Summary:
The issue which is (slightly circumspectly) being described is:

A missing or unreadable authz file has insecure consequences.

I think the behaviour we should be implementing is:

A missing, unreadable or unparsable authz file
... causes apache configtest to fail.
... causes apache server startup to fail.
... occurring after server startup causes a deny-all authz policy to come into
effect.

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@subversion.tigris.org
For additional commands, e-mail: issues-help@subversion.tigris.org

[prev in list] [next in list] [prev in thread] [next in thread]