You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by jw...@apache.org on 2002/08/05 22:11:57 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_info.html.en
jwoolley 2002/08/05 13:11:57
Modified: htdocs/manual/mod mod_info.html.en
Log:
Extra extra warnings.
Submitted by: Zeno <ze...@cgisecurity.net>
Revision Changes Path
1.13 +8 -0 httpd-docs-1.3/htdocs/manual/mod/mod_info.html.en
Index: mod_info.html.en
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_info.html.en,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -u -r1.12 -r1.13
--- mod_info.html.en 8 Oct 2001 01:34:31 -0000 1.12
+++ mod_info.html.en 5 Aug 2002 20:11:57 -0000 1.13
@@ -69,6 +69,14 @@
files, including <em>per</em>-directory files (<em>e.g.</em>,
<samp>.htaccess</samp>). This may have security-related
ramifications for your site.</strong></p>
+
+ <p>In particular, this module can leak sensitive information
+ from the configuration directives of other Apache modules such as
+ system paths, usernames/passwords, database names, etc. Due to
+ the way this module works there is no way to block information
+ from it. Therefore, this module should ONLY be used in a controlled
+ environment and always with caution.</p>
+
</blockquote>
<hr />
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org