httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: Basic Authentication from C
Date Thu, 02 May 2002 15:31:03 GMT

On Thu, 2 May 2002 wrote:
> I'm not quite following you concerning the reasoning; even
> if it is a huge security hole (for basic authentication...),
> why not allow a configuration directive letting this
> capability be set on or off? Then it would be possible to
> write CGI's that access the information only when it is
> neccessary.

Don't want to make it too easy for people to shoot themselves in the foot.
In general, if you don't have enough knowledge to recompile apache with
the appropriate pre-processor define, then you probably don't have enough
knowledge to understand the security implications of doing it.  (Of
course, there are always exceptions.)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message