DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42079>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42079 ------- Additional Comments From [EMAIL PROTECTED] 2007-05-14 07:51 ------- (In reply to comment #3) > >To me it is also intuitive that you gain improved security by first > >restricting > >*all* access to the whole web server and then open up where you want. > Directory container permissions works in reverse way that's why we observe > this > issue. > I believe apache way of securing directories is inherited from unix file > system > security. The philosophy is that that to enter a particular level, you need to > have permission to all levels above it. Well, I understand what you say about the UNIX file system but you cannot say that this is 'The Apache way' since among the 3 different authentication schema that I have used, 'mod_ssl' is the only one enforcing this. As I have stated before in this thread, neither 'mod_auth' nor 'mod_ldap' enforces this. On the contrary, a lot of the documentation I have seen describes *my* scenario. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
