Re: default Apache configuration

To: debian-security@lists.debian.org
Subject: Re: default Apache configuration
From: "Justin R. Miller" <incanus@codesorcery.net>
Date: Tue, 12 Mar 2002 10:14:10 -0500
Message-id: <[🔎] 20020312151410.GA22902@mithrandir.codesorcery.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] E16knFY-0004IT-00@syjon.fantastyka.net>
References: <[🔎] 3C8E0C63.20AC508A@dreibrodt.de> <[🔎] E16knFY-0004IT-00@syjon.fantastyka.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Said Janusz A. Urbanowicz on Tue, Mar 12, 2002 at 03:27:35PM +0100:

> The programmer. This is a very bad practice, the password also lands
> in the logs of w3caches along the way, in browser history, etc.

Not to mention that if the user happens to link to another site from
this page, the query string will be seen in the HTTP referrer header on
the remote site, which often shows up in stats programs.  

- -- 
[!] Justin R. Miller <incanus@codesorcery.net>
    PGP 0xC9C40C31 -=- http://codesorcery.net

    http://www.cnn.com/2002/ALLPOLITICS/01/29/inv.terror.probe/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jhtC94d6K8nEDDERAsJWAJ9RH35acbFTq5NCq2kgmmvdBsB8TgCeJph7
15Da2MZxGIrNQuaQAsqfUqo=
=kIvO
-----END PGP SIGNATURE-----

Reply to:

References:
- default Apache configuration
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>
- Re: default Apache configuration
  - From: Janusz A.Urbanowicz <alex@bofh.torun.pl>

Prev by Date: Re: MS Front page extensions for Linux
Next by Date: RE: default Apache configuration
Previous by thread: Re: default Apache configuration
Next by thread: Re: default Apache configuration
Index(es):
- Date
- Thread