DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28515>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28515 A reference to a broken symbolic link results in a "broken" error response page. ------- Additional Comments From [EMAIL PROTECTED] 2004-04-21 16:45 ------- I have now studied that *other* issue mentioned at the end of my first post, and have come to the conclusion that it's very likely to be related to the problem initially posted. And therefore have decided to append it to this issue. I also have raised the severity because, under unfortunate circumstances, it could become - if not a security issue, then at least - an *integrity* issue. If you follow the same steps as described in my initial posting after having enabled the 'Customized Error Responses' feature you will notice that in the case with the broken link the standard error response is displayed instead of the customized one, one would expect. Why this might lead to an *integrity* issue? I noticed this problem in the process of "hiding" any error responses returned due to non-authorized access attempts, e.g. made by a"harvesting" web-crawler attempting to gain access to information by visiting a site via an it's IP-Address, and which will reveal information, e.g. the email address of the system's administrator, etc. And until this has been fixed it could, under unfortunate circumstances, lead to the revealing of more information than intended, by accident. As always, feel free to ask for complimentary information concerning this. Best Regards, Rolf Sponsel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
