[20987] in bugtraq
Re: Mac OS X - Apache & Case Insensitive Filesystems
daemon@ATHENA.MIT.EDU (Kee Hinckley)
Tue Jun 12 16:07:39 2001
Mime-Version: 1.0
Message-Id: <p0510031ab74ab146dd28@[192.168.1.93]>
In-Reply-To: <B7492F79.17F4%burney@gseis.ucla.edu>
Date: Mon, 11 Jun 2001 13:34:57 -0400
To: Paul Burney <burney@gseis.ucla.edu>
From: Kee Hinckley <nazgul@somewhere.com>
Cc: Stefan Arentz <stefan.arentz@soze.com>, <BUGTRAQ@securityfocus.com>
At 2:06 PM -0700 6/10/01, Paul Burney wrote:
>
> > GET /TeSt/index.html
>
>Though it causes a bit of a performance penalty, a .htaccess file in a
>protected directory will resolve that problem.

I'm actually more concerned about scripting directives. In
particular, things like:

    <FilesMatch ".*\.epl$">
    Options ExecCgi
    AllowOverride AuthConfig FileInfo Indexes Limit Options
    SetHandler perl-script
    PerlHandler HTML::Embperl
    </FilesMatch>

I assume that if someone goes to

    foo.ePl

they are going to get the raw source code, and that is, needless to
say, a potentially huge security risk. (Yes, people *ought* to put
their secure information in libraries outside of the web tree,
but....)
- --
Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
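
Added example (not part of the original message and not Apache code): a small Python model of the mismatch the message describes, where the handler regex is tested case-sensitively against the requested name while a case-insensitive volume resolves any case variant to the same file. It assumes, as the message does, that the pattern is applied to the name as requested; the file list, request names, function names and the `(?i)` variant of the pattern are constructed for illustration.

```python
import re

PAGE_PATTERN = r".*\.epl$"        # the FilesMatch regex quoted in the message
FOLDED_PATTERN = r"(?i).*\.epl$"  # assumption: the server's regex engine accepts inline (?i)

def resolve(requested, files_on_disk, case_insensitive_fs):
    """Return the on-disk name the filesystem would open, or None."""
    for name in files_on_disk:
        if name == requested:
            return name
        if case_insensitive_fs and name.casefold() == requested.casefold():
            return name
    return None

def outcome(requested, files_on_disk, pattern, case_insensitive_fs):
    """Classify a request as 'not found', 'handler' or 'raw source'."""
    if resolve(requested, files_on_disk, case_insensitive_fs) is None:
        return "not found"
    # Modelled FilesMatch test: regex applied to the name as it was requested.
    if re.search(pattern, requested):
        return "handler"
    return "raw source"

def audit(files_on_disk, requests, pattern, case_insensitive_fs):
    """List the requests that would be served without the script handler."""
    return [r for r in requests
            if outcome(r, files_on_disk, pattern, case_insensitive_fs) == "raw source"]

# Constructed sample data, not taken from any real server.
FILES = ["foo.epl"]
REQUESTS = ["foo.epl", "foo.ePl", "foo.EPL", "FOO.epl", "missing.epl"]

if __name__ == "__main__":
    for fs_insensitive in (False, True):
        for pattern in (PAGE_PATTERN, FOLDED_PATTERN):
            exposed = audit(FILES, REQUESTS, pattern, fs_insensitive)
            print(f"case-insensitive fs={fs_insensitive} pattern={pattern!r} "
                  f"raw source for: {exposed}")
```

Only the combination of a case-insensitive volume and the case-sensitive pattern leaves requests classified as raw source; folding case in the pattern, or serving from a case-sensitive volume, empties the list.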