DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41760>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41760 ------- Additional Comments From [EMAIL PROTECTED] 2007-03-06 08:52 ------- Yes, it has gone on too long and I think both our positions are clear. However, I want nothing of the sort. a) I want at the very least a warning in the .conf file that setting AllowOverride None disables all .htaccess control. b) At the next level, the disabling of .htacceess control should not be overloaded onto a configuration option which also does something else. Put in a separate DisableAccessControl directive, which would make it abundantly clear to administrators. c) Yes, my situation did result from a number of errors, eg, Apache not warning that AllowOverride None disables all .htaccess control and that the description of that option claims it to be the default and to be conservative. Good software design anticipates user's stupidities, and at the very least warns uses where problems could occur. I also notice that you continue to not respond to my suggestions or complaints, but operate in a "blame the user" mode. This report is at the very least feedback, that there is a SECURITY issue here that has bitten at least one user ( and by the rules of all business practice, if one user complains, it probably means 1000 users have had theproblem and not bothered to complain). As I said, from the response I do not believe that you will do anything at all about this. I clearly have no control over that. I will continue to use Apache, but will no longer believe claims that Apache takes security seriously. But I guess that is just my opinion and my problem. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
