DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40079>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40079 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2006-12-07 11:48 ------- "Is it riquired to list up-level directories? Why server can not "live" only in its directory? Why not only check given path exists, without listing of parent directories?" Because Apache cannot be permitted to confuse e:\Apache2Server with e:\Apache~1 or the HOST of various conflicts which can occur because windows chooses to be CAST INSENSITIVE, but moreso because it's also NOT CANONICAL. The file path "e:\Apache2Server\" is equivilant to "e:\Apache2Server.", for example. Therefore we **INSIST** on canonicalizing the path. If we have nothing but list access to see dir FOO exists, this isn't a security problem. If we accept both e:\Apache~1\ and e:\Apache2Server as two different names, there IS A HUGE security problem. Marked as invalid. Parent directories must be list/traverse accessible to differentiate them on Win32. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
