You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Astrid Keßler <ke...@kess-net.de> on 2005/04/01 21:12:02 UTC

Re: RFC: UserDir off by default for 2.1/2.2

JO> Enabling UserDir by default can allow remote users to determine whether
JO> a given username is valid on the system or not, even if no users have a
JO> public_html directory, from the difference between a 403 from a chmod
JO> 700 /home/realuser and a 404 from not finding /home/nosuchuser.

JO> After a few iterations which did confuse people, we ended up using text
JO> like this for the default Red Hat-packaged httpd.conf:

+1 on patch

Kess