Package: lighttpd Version: 1.4.13-10 Severity: normal Hi,
Module loading order is important. If you load status before auth and use auth for status, auth is ignored and users can access status without authentication. The same probably applies to fastcgi as well, so you should ensure modules are loaded in the proper order. Maybe auth should be loaded in lighttpd.conf at the top. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores) Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages lighttpd depends on: ii libattr1 1:2.4.32-1.1 Extended attribute shared library ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libldap2 2.1.30-13.4 OpenLDAP libraries ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii libssl0.9.8 0.9.8c-4 SSL shared libraries ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap ii perl 5.8.8-7 Larry Wall's Practical Extraction ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages lighttpd recommends: ii php5-cgi 5.2.0-10 server-side, HTML-embedded scripti -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

