DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41760>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41760 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2007-03-05 12:53 ------- If you say so. In that case it must be true that AllowOverride default has changed. However, in my case a .htaccess file exists in the directory, but AllowOverride was none, and all of the files in that directory were accessible by everyone. That is simply wrong behaviour. It should work the same as if the .htaccess file is unreadable but there-- ie permission denied, not allowed. I do not have my old httpd.conf files so do not know if the default has changed, but it certainly used to be the case that the .htaccess files controlled the access to teh directory, and I certainly never recall altering the AllowOverride parameter. But the way it works now is just wrong. The default should not be universal access even in the presence of an .htaccess file. Security should be conservative, not liberal. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
