On Fri, Dec 12, 2008 at 7:44 PM, Christopher Drost <[email protected]> wrote: > Go ahead, try it. I did. Right now http://drostie.org/symlink/ is a > symlink pointing to the folder /hidden, which is very far away from my > DocumentRoot. It could (and did) point to my root directory at some > point. And the symlink was created without sudo or root privileges by > my normal account. The <Directory /> directive didn't stop anything. > Because the person who wrote this Security Tip didn't read > mod/core.html#options.
It seems like the introductory text in the security tips section is okay, but the example chosen to illustrate the "normal URL mapping rules" is unfortunately chosen.(symlink) to illustrate the "default to no access" directory container. -- Eric Covener [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
