Security issue when defining wrong location directive in Apache
From: Sander <boxtel_at_gmail.com>
Date: 2006-01-17 00:50:52 CET
Hi,
Can anybody confirm this.
I had some repositories under my https-root ..
My Apache conf was:
<Location /svn>
AuthType Basic
</Location>
This looks quite ok doesnt it ?
BUT, when somebody would be smart and guessed a URL .. he could browse
So isn't it best practise to name the last part of the SVNParentPath /
Maybe this could be emphasized some more in the manual !
With regards,
Sander.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.