[rt-devel] [PATCH] FastCGI documentation update

Tom Hukins tom at eborcom.com
Wed Jan 9 15:55:20 EST 2002


On Wed, Jan 09, 2002 at 12:40:30PM -0800, Blair Zajac wrote:
> Jesse Vincent wrote:
> > 
> > As a heads up, you should be aware that your configuration change will break
> > attachment downloading.
> > 
> 
> OK.  Did the previous method with ScriptAlias ever work?

Having messed about with various aliasing and handler settings with
RT, I've noticed one problem that is rarely addressed is downloading
of Elements components.

If Mason is only used for requests ending in "/" or ".html", a user
can download any Elements file and view its source.  This isn't a huge
problem, but it's not what you'd expect, and it might help malicious
users find out more about a site's configuration.

Tom




More information about the Rt-devel mailing list