You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/08/05 22:11:32 UTC
cvs commit: httpd-2.0/docs/manual/mod mod_info.xml
jwoolley 2002/08/05 13:11:32
Modified: docs/manual/mod mod_info.xml
Log:
Extra extra warnings.
Submitted by: Zeno <ze...@cgisecurity.net>
Revision Changes Path
1.4 +8 -0 httpd-2.0/docs/manual/mod/mod_info.xml
Index: mod_info.xml
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_info.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -u -r1.3 -r1.4
--- mod_info.xml 23 May 2002 14:50:11 -0000 1.3
+++ mod_info.xml 5 Aug 2002 20:11:32 -0000 1.4
@@ -48,6 +48,14 @@
files, including <em>per</em>-directory files (<em>e.g.</em>,
<code>.htaccess</code>). This may have security-related
ramifications for your site.</p>
+
+ <p>In particular, this module can leak sensitive information
+ from the configuration directives of other Apache modules such as
+ system paths, usernames/passwords, database names, etc. Due to
+ the way this module works there is no way to block information
+ from it. Therefore, this module should ONLY be used in a controlled
+ environment and always with caution.</p>
+
</note>
</summary>