Apache incompatibility with NCSA httpd, and possible security hole:
Apache server-side includes allow #include file=arbitrary-path
whereas NCSA only allows #include file=local-file
'arbitrary-path' is the name of any file on the system, whereas 'local-file'
can only be the name of a file in the same directory as the included file.
i.e. NCSA httpd does not allow '/' in 'local-file'.
As web-admins are expecting the NCSA behaviour, we should either document
this visibly, or fix it.
David.
Apache server-side includes allow #include file=arbitrary-path
whereas NCSA only allows #include file=local-file
'arbitrary-path' is the name of any file on the system, whereas 'local-file'
can only be the name of a file in the same directory as the included file.
i.e. NCSA httpd does not allow '/' in 'local-file'.
As web-admins are expecting the NCSA behaviour, we should either document
this visibly, or fix it.
David.