DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41760>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41760 ------- Additional Comments From [EMAIL PROTECTED] 2007-03-06 08:22 ------- Obviously this thread has already gone too far, but I can't resist. What you don't seem to realize is that there are important reasons why you *wouldn't* want apache to need to check for the existence of .htaccess. In particular, this is a significant performance drain for high-traffic static-file sites. So you want to make it impossible to tune apache for high performance, because security may be compromised by admin errors. By the same logic, we should remove the plain-HTTP protocol from the server and only allow SSL/TLS. Otherwise a bad admin could disclose sensitive information to hackers. (Oh, and obviously we also need to remove the AccessFileName directive, since changing this would also cause .htaccess files to be ignored.) In addition, your problem was caused by multiple errors on your end. First, your admin made an error when upgrading. Second, you are not following best practices for avoiding disclosure of confidential information. This information should 1) not be in a web-accessible directory; and 2) have unix file-system permissions forbidding access to the webserver process. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
