You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@organic.com> on 1996/07/01 00:19:48 UTC

Re: WWW Form Bug Report: "SetEnv in .htaccess" on HPUX

On Sat, 29 Jun 1996, Ben Laurie wrote:
> > Could you elaborate?  I'm having trouble visualizing the potential
> > problems.
> 
> Well, the main point is that allowing users unrestricted access to environment
> variables is tantamount to giving them a login. Since more or less anything is
> possible from a login this is a Bad Thing. Of course, if the users already have
> logins, it doesn't matter. But if they don't...

Hmm, okay, I see your point.  If there was a way to make it an
"Options"-controllable behavior I suppose that would be best...

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS