Not really an XXX here

author William A. Rowe Jr <wrowe@apache.org>

Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)

committer William A. Rowe Jr <wrowe@apache.org>

Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)
author William A. Rowe Jr <wrowe@apache.org>
Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)
committer William A. Rowe Jr <wrowe@apache.org>
Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)
diff --git a/modules/metadata/mod_cern_meta.c b/modules/metadata/mod_cern_meta.c

index 4bb69ec3bcbb5faee65a6525ac3e696259586845..e9ed8ab299ef117b8996fe95f10994b562fc88f3 100644 (file)
--- a/modules/metadata/mod_cern_meta.c
+++ b/modules/metadata/mod_cern_meta.c
@@ -361,10 +361,16 @@ static int add_cern_meta_data(request_rec *r)
                  dconf->metasuffix ? dconf->metasuffix : DEFAULT_METASUFFIX,
                            NULL);
  
-    /* XXX: it sucks to require this subrequest to complete, because this
+    /* It sucks to require this subrequest to complete, because this
       * means people must leave their meta files accessible to the world.
       * A better solution might be a "safe open" feature of pfopen to avoid
       * pipes, symlinks, and crap like that.
+     *
+     * In fact, this doesn't suck.  Because <Location > blocks are never run
+     * against sub_req_lookup_file, the meta can be somewhat protected by
+     * either masking it with a <Location > directive or alias, or stowing
+     * the file outside of the web document tree, while providing the
+     * appropriate directory blocks to allow access to it as a file.
       */
      rr = ap_sub_req_lookup_file(metafilename, r, NULL);
      if (rr->status != HTTP_OK) {
author	William A. Rowe Jr <wrowe@apache.org>
	Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Thu, 13 Dec 2001 17:24:27 +0000 (17:24 +0000)