You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2020/03/29 13:32:41 UTC
svn commit: r1875855 -
/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en
Author: covener
Date: Sun Mar 29 13:32:40 2020
New Revision: 1875855
URL: http://svn.apache.org/viewvc?rev=1875855&view=rev
Log:
xforms w/ manual tweak.
java6, add CRLF for doctype
[skip ci]
Modified:
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en?rev=1875855&r1=1875854&r2=1875855&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.html.en Sun Mar 29 13:32:40 2020
@@ -38,6 +38,14 @@
<tr><th><a href="module-dict.html#SourceFile">SourceĀ File:</a></th><td>mod_userdir.c</td></tr></table>
<h3>Summary</h3>
+<div class="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</div>
+
<p>This module allows user-specific directories to be accessed using the
<code>http://example.com/~user/</code> syntax.</p>
</div>
@@ -212,4 +220,5 @@ if (typeof(prettyPrint) !== 'undefined')
prettyPrint();
}
//--><!]]></script>
-</body></html>
\ No newline at end of file
+</body></html>
+