You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by jw...@apache.org on 2002/08/05 22:11:57 UTC

cvs commit: httpd-docs-1.3/htdocs/manual/mod mod_info.html.en

jwoolley    2002/08/05 13:11:57

  Modified:    htdocs/manual/mod mod_info.html.en
  Log:
  Extra extra warnings.
  
  Submitted by:  Zeno <ze...@cgisecurity.net>
  
  Revision  Changes    Path
  1.13      +8 -0      httpd-docs-1.3/htdocs/manual/mod/mod_info.html.en
  
  Index: mod_info.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_info.html.en,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -d -u -r1.12 -r1.13
  --- mod_info.html.en	8 Oct 2001 01:34:31 -0000	1.12
  +++ mod_info.html.en	5 Aug 2002 20:11:57 -0000	1.13
  @@ -69,6 +69,14 @@
         files, including <em>per</em>-directory files (<em>e.g.</em>,
         <samp>.htaccess</samp>). This may have security-related
         ramifications for your site.</strong></p>
  +
  +      <p>In particular, this module can leak sensitive information
  +      from the configuration directives of other Apache modules such as
  +      system paths, usernames/passwords, database names, etc.  Due to
  +      the way this module works there is no way to block information
  +      from it.  Therefore, this module should ONLY be used in a controlled
  +      environment and always with caution.</p>
  +
       </blockquote>
       <hr />
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org