Synopsis: .htaccess can be bypassed with cgi scripts which use PATH_TRANSLATED info (Re: PR1418)
State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Fri Aug 14 18:30:04 PDT 1998 State-Changed-Why: No, the web server can't do the authorization because the path info doesn't necessarily have anything to do with a filesystem path; it _can_ be used that way, but it is very often used in other ways. Any CGI can do the same thing; if the files are readable, the CGI would read them. Would you blame Apache for a CGI that just printed out the contents of every file on the filesystem that were readable to the user.
