When I am involved in Security questions I try to discuss security breaches
in terms of confidentiality, integrity and availability.
If something is suppossed to be confidential, but a workaround makes it not
so - it is a security breach; idem for integrity - a workaround makes it
possible to
Hence - my vote - for what it is worth:
[X] Represents a security defect
On Sat, Nov 19, 2011 at 12:46 AM, Graham Leggett minf...@sharp.fm wrote:
On 19 Nov 2011, at 12:38 AM, William A. Rowe Jr. wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn
On 12/26/2011 3:24 PM, Michael Felt wrote:
Hence - my vote - for what it is worth:
That's understood, but the vote was concluded, and the votes by
the project committee members indicated a very clear consensus
is that it would not be possible to provide for untrusted
.htaccess files, in spite of
On Tue, Dec 20, 2011 at 03:25:09AM -0600, William Rowe wrote:
On 11/18/2011 4:38 PM, William A. Rowe Jr. wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call for
a majority vote on the following
On 11/18/2011 4:38 PM, William A. Rowe Jr. wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call for
a majority vote on the following statement...
Resource abuse of an .htaccess config in the form of
-Original Message-
From: Stefan Fritsch [mailto:s...@sfritsch.de]
Sent: Samstag, 19. November 2011 03:37
To: dev@httpd.apache.org
Subject: Re: [Vote] .htaccess logic abuse
On Friday 18 November 2011, William A. Rowe Jr. wrote:
Resource abuse of an .htaccess config in the form
On Fri, Nov 18, 2011 at 04:38:14PM -0600, William Rowe wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call for
a majority vote on the following statement...
Thanks for the prod!
Resource abuse of an
On 21/11/2011 18:19, Joe Orton wrote:
On Fri, Nov 18, 2011 at 04:38:14PM -0600, William Rowe wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call for
a majority vote on the following statement...
On 11/21/2011 10:19 AM, Joe Orton wrote:
I agree for resource consumption attacks. I think there's still a good
case for treating bugs which allow escalation of privileges as security
issues (i.e. something which gets you from an .htaccess file to
arbitrary code execution in the httpd child).
On 19/11/2011 00:38, William A. Rowe Jr. wrote:
Resource abuse of an .htaccess config in the form of
cpu/memory/bandwidth;
[ ] Represents a security defect
[X] Is not a security defect
The sysadmin knows best. If it's a problem, disable it (or the
problematic type of directives via
Am 19.11.2011 17:44, schrieb Issac Goldstand:
On 19/11/2011 00:38, William A. Rowe Jr. wrote:
Resource abuse of an .htaccess config in the form of
cpu/memory/bandwidth;
[ ] Represents a security defect
[X] Is not a security defect
The sysadmin knows best. If it's a problem, disable
Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;
[ ] Represents a security defect
[x ] Is not a security defect
No fine-grained controls on htaccess, we only provide the means to
delegate entire classes of directive.
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call for
a majority vote on the following statement...
Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;
[ ] Represents a security
On 19 Nov 2011, at 12:38 AM, William A. Rowe Jr. wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call
for
a majority vote on the following statement...
Resource abuse of an .htaccess config in the
On Sat, 2011-11-19 at 01:46 +0200, Graham Leggett wrote:
On 19 Nov 2011, at 12:38 AM, William A. Rowe Jr. wrote:
After several prods, it seems the security@ and hackathon participants
can't be drawn out of their shells on to dev@. So I'll simply call
for
a majority vote on the
On Friday 18 November 2011, William A. Rowe Jr. wrote:
Resource abuse of an .htaccess config in the form of
cpu/memory/bandwidth;
[ ] Represents a security defect
[X] Is not a security defect
This would obviously need to be clarified in the associated
.htaccess documentation, be
16 matches
Mail list logo