Bugtraq mailing list archives

Re: Mac OS X - Apache & Case Insensitive Filesystems
From: Kee Hinckley <nazgul () somewhere com>
Date: Mon, 11 Jun 2001 13:34:57 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 2:06 PM -0700 6/10/01, Paul Burney wrote:

 >   GET /TeSt/index.html

Though it causes a bit of a performance penalty, a .htaccess file in a
protected directory will resolve that problem.

I'm actually more concerned about scripting directives.  In 
particular, things like:

     <FilesMatch ".*\.epl$">
         Options ExecCgi
         AllowOverride AuthConfig FileInfo Indexes Limit Options
         SetHandler      perl-script
         PerlHandler     HTML::Embperl
     </FilesMatch>

I assume that if someone goes to
        foo.ePl
they are going to get the raw source code, and that is, needless to 
say, a potentially huge security risk.  (Yes, people *ought* to put 
their secure information in libraries outside of the web tree, 
but....)

- -- 

Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBOyUH2yZsPfdw+r2CEQLOfQCeLrH5M8OT6q6rVElT81CwHjOcdYwAn3Sy
+NFaRHcSK/ZRpuy9raGMF0as
=kCII
-----END PGP SIGNATURE-----
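
The concern raised in the message above, as an added example that is not part of the original post: a small Python audit that lists the `<FilesMatch>` patterns in a config and reports which case variants of a file name would reach the file on a case-insensitive filesystem without matching the handler pattern. Python's `re` stands in for Apache's matcher, the filesystem is modelled as a lowercase comparison, the function names and sample config are constructed for illustration, and whether a given Apache build accepts the inline `(?i)` flag depends on its regex engine.

```python
import re

# Constructed sample config, modelled on the FilesMatch block quoted in the post.
# The second block is the same rule with an inline case-insensitive flag (assumption).
SAMPLE_CONF = r'''
<FilesMatch ".*\.epl$">
    SetHandler perl-script
</FilesMatch>
<FilesMatch "(?i)\.epl$">
    SetHandler perl-script
</FilesMatch>
'''

FILESMATCH_RE = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>', re.IGNORECASE)


def filesmatch_patterns(conf_text):
    """Return every pattern used in a <FilesMatch "..."> opening tag."""
    return FILESMATCH_RE.findall(conf_text)


def handler_bypassed(pattern, on_disk, requested):
    """True when `requested` opens `on_disk` on a case-insensitive filesystem
    but the pattern that covers `on_disk` does not match the requested name."""
    same_file = requested.lower() == on_disk.lower()  # simplified filesystem model
    covered = re.search(pattern, on_disk) is not None
    matched = re.search(pattern, requested) is not None
    return same_file and covered and not matched


def case_variants(name):
    """Names that differ from `name` by the case of one extension character."""
    stem, dot, ext = name.rpartition(".")
    return [stem + dot + ext[:i] + ext[i].swapcase() + ext[i + 1:]
            for i in range(len(ext))]


def audit(conf_text, on_disk):
    """Map each FilesMatch pattern to the request names that escape it."""
    return {p: [v for v in case_variants(on_disk) if handler_bypassed(p, on_disk, v)]
            for p in filesmatch_patterns(conf_text)}


if __name__ == "__main__":
    for pattern, misses in audit(SAMPLE_CONF, "foo.epl").items():
        print(pattern, "->", misses or "no bypass")
```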

