You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Astrid Keßler <ke...@kess-net.de> on 2005/04/01 21:12:02 UTC
Re: RFC: UserDir off by default for 2.1/2.2
JO> Enabling UserDir by default can allow remote users to determine whether
JO> a given username is valid on the system or not, even if no users have a
JO> public_html directory, from the difference between a 403 from a chmod
JO> 700 /home/realuser and a 404 from not finding /home/nosuchuser.
JO> After a few iterations which did confuse people, we ended up using text
JO> like this for the default Red Hat-packaged httpd.conf:
+1 on patch
Kess