You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Steve O'Hara-Smith <s....@elsevier.nl> on 1997/11/19 10:30:01 UTC

Re: general/1433: Double login with partially specified request

The following reply was made to PR general/1433; it has been noted by GNATS.

From: Steve O'Hara-Smith <s....@elsevier.nl>
To: Dean Gaudet <dg...@arctic.org>
Cc: apbugs@apache.org
Subject: Re: general/1433: Double login with partially specified request
Date: Wed, 19 Nov 1997 10:19:00 +0100 (MET)

 On 19-Nov-97 Dean Gaudet wrote:
 >Yes if the object is handled in the filesystem that is true, but there's
 >no reason the object has to be handled in the filesystem.  Something later
 >on in the phases can decide to map it to a CGI, or to a database object,
 >or something else.  Apache has no idea until it runs those phases, and it
 >can't run them until the access checks pass. 
 >
 
         Ahah, so this provides a mechanism for using the filesystem to secure
 objects that aren't served from the filesystem. Clever, and perhaps worth
 putting in the FAQ.
 
         Thank you for your time and trouble on this one.
 
 -----------------------------------------------------------------------
 >From Steve O'Hara-Smith  <s....@elsevier.nl> On 19-Nov-97 At 10:19:02
 
      Tell a computer to WIN and ...                       ... You LOSE!
 -----------------------------------------------------------------------