DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42079>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42079 ------- Additional Comments From [EMAIL PROTECTED] 2007-04-12 08:01 ------- (In reply to comment #1) > As we discussed in 41911, you can achieve the objective by url rewriting. > I still believe that if there is a restriction on subdir1 then subdir1/subdir2 > can not bypass that restriction. It seems counter intuitive to me. I think > that > in most of the cases, rearranging the subdirectories and url rewriting will > solve > the issue. Well, what's intuitive for a person is always a subjective thing. I my case I have a structure that I have used for 10 years (!) where I want to migrate just the authentication protocol to using client certs (from the use of LDAP and standard user/group authentication). It consists of thousands of subdirectories where today 462 subdirectories all need individual/unique access rights (a combination of 275 individual users). To me it is intuitive that I can use the same directory structure independent of authentication protocol. Using LDAP and/or user/group access had no limitations. To me it is also intuitive that you gain improved security by first restricting *all* access to the whole web server and then open up where you want. Using the reverse approach you need to remember to restrict access to all nodes where you don't want access. People will tell you loudly if they don't get the access they expect but they will never tell you if they have too much access. Any feedback is appreciated. Thanks. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
