You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/08/05 22:11:32 UTC

cvs commit: httpd-2.0/docs/manual/mod mod_info.xml

jwoolley    2002/08/05 13:11:32

  Modified:    docs/manual/mod mod_info.xml
  Log:
  Extra extra warnings.
  
  Submitted by: Zeno <ze...@cgisecurity.net>
  
  Revision  Changes    Path
  1.4       +8 -0      httpd-2.0/docs/manual/mod/mod_info.xml
  
  Index: mod_info.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_info.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -d -u -r1.3 -r1.4
  --- mod_info.xml	23 May 2002 14:50:11 -0000	1.3
  +++ mod_info.xml	5 Aug 2002 20:11:32 -0000	1.4
  @@ -48,6 +48,14 @@
         files, including <em>per</em>-directory files (<em>e.g.</em>,
         <code>.htaccess</code>). This may have security-related
         ramifications for your site.</p>
  +
  +      <p>In particular, this module can leak sensitive information
  +      from the configuration directives of other Apache modules such as
  +      system paths, usernames/passwords, database names, etc.  Due to
  +      the way this module works there is no way to block information
  +      from it.  Therefore, this module should ONLY be used in a controlled
  +      environment and always with caution.</p>
  +
       </note>
   </summary>