The following reply was made to PR general/1433; it has been noted by GNATS.
From: Steve O'Hara-Smith <[EMAIL PROTECTED]>
To: Dean Gaudet <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: general/1433: Double login with partially specified request
Date: Wed, 19 Nov 1997 10:19:00 +0100 (MET)
On 19-Nov-97 Dean Gaudet wrote:
>Yes if the object is handled in the filesystem that is true, but there's
>no reason the object has to be handled in the filesystem. Something later
>on in the phases can decide to map it to a CGI, or to a database object,
>or something else. Apache has no idea until it runs those phases, and it
>can't run them until the access checks pass.
>
Ahah, so this provides a mechanism for using the filesystem to secure
objects that aren't served from the filesystem. Clever, and perhaps worth
putting in the FAQ.
Thank you for your time and trouble on this one.
-----------------------------------------------------------------------
>From Steve O'Hara-Smith <[EMAIL PROTECTED]> On 19-Nov-97 At 10:19:02
Tell a computer to WIN and ... ... You LOSE!
-----------------------------------------------------------------------
