* On 2002-02-05 at 09:06, Stas Bekman <[EMAIL PROTECTED]> excited the electrons to say: > > On Tue, 5 Feb 2002, Rodent of Unusual Size wrote: > > > No, because I've vetoed the 'fix' as a security violation. > > Sorry.. > > So you say it's proper not to display a directory name if it requires > auth?
Correct. Similarly (though I don't know if we do it currently) we shouldn't list any files for which the subrequest comes back with 'some auth required', 401, or other indication that we don't have the proper credentials to access them. Such as files covered by a <Files> block, for instance. > > _____________________________________________________________________ > Stas Bekman JAm_pH -- Just Another mod_perl Hacker > http://stason.org/ mod_perl Guide http://perl.apache.org/guide > mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com > http://singlesheaven.com http://perl.apache.org http://perlmonth.com/ > -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "Millennium hand and shrimp!"
