DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=44173>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44173 Summary: Deny access to backup ~ files by default Product: Apache httpd-2 Version: 2.3-HEAD Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Runtime Config AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Many text editors (gedit, emacs) create backup files by default (like "hello.shtml~"). Such files are probably not intended to be served, and serving them can create various problems: Because Apache might have been set up to detect MIME types and handlers based on the file extension (which ends in ~ for backup files), it could make incorrect decisions when such backup files are to be served. This can potentially be a security issue, if a the file is a script that contains sensitive information (like database passwords) in its source code. Unless there is a good reason for serving backup~ files, I think the default configuration should be changed to deny access them. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
