Posted to dev@httpd.apache.org by "William A. Rowe Jr." <wr...@rowe-clan.net> on 2011/09/08 08:28:32 UTC

[discuss] "Security" change to default configs trunk/2.2/2.0

On 9/8/2011 12:51 AM, Igor Galić wrote:
> 
> Who knows how many configs we're breaking with that?
> Also I don't quite see how it's a security thing, at best "security"
> and, for sure, a performance thing (notice: No "") 

Good point.  In answer to your question, the combination of AddType
(e.g. .html to includes-filter) with additional exceptions might
circumvent protections which the user anticipated placed on *.html,
assuming those were all of the extensions.  We see such noise in the
php community all of the time, and it is a frequent [and invalid]
security report.
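
The mismatch described in the message above, as an added example that is not part of the original post or of httpd's code: a mod_mime-style lookup considers every dot-separated extension of a filename, while a `*.html` pattern only covers names that end in `.html`. The lookup model is a simplified assumption, and the mapping, pattern and filenames are constructed for illustration.

```python
import fnmatch

# Assumed, simplified model of mod_mime: every dot-separated token after the
# base name is looked up; unknown tokens are skipped, the rightmost hit wins.
EXTENSION_MAP = {"html": "INCLUDES"}   # constructed: .html -> includes filter
PROTECTED_GLOB = "*.html"              # constructed: what a *.html rule covers


def mapped_filter(filename, extension_map=EXTENSION_MAP):
    """Return the filter the extension lookup would pick, or None."""
    tokens = filename.split(".")[1:]   # first token is the base name
    result = None
    for token in tokens:
        hit = extension_map.get(token.lower())  # extensions are case-insensitive
        if hit is not None:
            result = hit
    return result


def covered_by_glob(filename, pattern=PROTECTED_GLOB):
    """True if the filename is matched by the protection pattern."""
    return fnmatch.fnmatchcase(filename, pattern)


def audit(filenames):
    """List names that get the mapping but fall outside the *.html protection."""
    return [n for n in filenames if mapped_filter(n) and not covered_by_glob(n)]


# Constructed sample of a document root listing.
SAMPLE = ["index.html", "index.html.en", "notes.html.bak",
          "readme.txt", "archive.tar.gz"]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: filter={mapped_filter(name)}, "
              f"not matched by {PROTECTED_GLOB}")
```

Running the audit over a real directory listing shows which files rely on an extension mapping that the `*.html` restriction does not reach.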