[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-help-public] [sr #106321] Please allow for .htaccess files
|
From: |
Joerg Wunsch |
|
Subject: |
[Savannah-help-public] [sr #106321] Please allow for .htaccess files |
|
Date: |
Thu, 27 Mar 2008 10:17:40 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417 |
URL:
<http://savannah.gnu.org/support/?106321>
Summary: Please allow for .htaccess files
Project: Savannah Administration
Submitted by: joerg_wunsch
Submitted on: Thursday 03/27/2008 at 11:17
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
https://savannah.gnu.org/maintenance/HomePage
tells that .htaccess files are disabled for security reasons.
However, that justification also prevents many useful things,
like properly declaring MIME types and character sets (see
sr #105884 for one example). The workaround using the
http-equiv meta tag is a crock because it requires the
browser to reload the page once it parsed that tag, and
overriding MIME types is completely impossible that way.
Apache offers enough means to restrict the .htaccess use
to those directives that can be considered safe within
the server's context, so abusing them to get around the
symlink restrictions (which is used as the reasoning in
the above documentation link) can be safely prevented.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?106321>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Savannah-help-public] [sr #106321] Please allow for .htaccess files,
Joerg Wunsch <=