You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/09/23 06:50:21 UTC
DO NOT REPLY [Bug 41760] "AllowOverride None" considered harmful to
security, deprecate it
https://issues.apache.org/bugzilla/show_bug.cgi?id=41760
Matt McCutchen <ma...@mattmccutchen.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
Summary|.htaccess file ignored if |"AllowOverride None"
|AllowOverride None is used |considered harmful to
| |security, deprecate it
Severity|critical |major
--- Comment #16 from Matt McCutchen <ma...@mattmccutchen.net> 2009-09-22 21:50:14 PDT ---
I'm sticking my neck out and reopening for the proposal in comment #15. Again,
I understand the need not to break existing configurations that use
"AllowOverride None", but I would like to call attention to the issue however
possible so that web site admins don't make this mistake in the future.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org