You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/09/23 06:50:21 UTC

DO NOT REPLY [Bug 41760] "AllowOverride None" considered harmful to security, deprecate it

https://issues.apache.org/bugzilla/show_bug.cgi?id=41760

Matt McCutchen <ma...@mattmccutchen.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |
            Summary|.htaccess file ignored if   |"AllowOverride None"
                   |AllowOverride None is used  |considered harmful to
                   |                            |security, deprecate it
           Severity|critical                    |major

--- Comment #16 from Matt McCutchen <ma...@mattmccutchen.net> 2009-09-22 21:50:14 PDT ---
I'm sticking my neck out and reopening for the proposal in comment #15.  Again,
I understand the need not to break existing configurations that use
"AllowOverride None", but I would like to call attention to the issue however
possible so that web site admins don't make this mistake in the future.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org