DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40079>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40079 ------- Additional Comments From [EMAIL PROTECTED] 2007-05-12 10:54 ------- (In reply to comment #4) > Because Apache cannot be permitted to confuse e:\Apache2Server with e:\Apache~1 > or the HOST of various conflicts which can occur because windows chooses to be > CAST INSENSITIVE, but moreso because it's also NOT CANONICAL. The file path > "e:\Apache2Server\" is equivilant to "e:\Apache2Server.", for example. > > Therefore we **INSIST** on canonicalizing the path. If we have nothing but list > access to see dir FOO exists, this isn't a security problem. If we accept both > e:\Apache~1\ and e:\Apache2Server as two different names, there IS A HUGE > security problem. > > Marked as invalid. Parent directories must be list/traverse accessible to > differentiate them on Win32. Is this statement true for both, windows and unix? Or for windows only? Thanks. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
