httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: Basic Authentication from C
Date Thu, 02 May 2002 15:31:03 GMT

On Thu, 2 May 2002 rufustfirefly@subdimension.com wrote:
> I'm not quite following you concerning the reasoning; even
> if it is a huge security hole (for basic authentication...),
> why not allow a configuration directive letting this
> capability be set on or off? Then it would be possible to
> write CGI's that access the information only when it is
> neccessary.

Don't want to make it too easy for people to shoot themselves in the foot.
In general, if you don't have enough knowledge to recompile apache with
the appropriate pre-processor define, then you probably don't have enough
knowledge to understand the security implications of doing it.  (Of
course, there are always exceptions.)

Joshua.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message