bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security Breach Alert - CVS Home File Download Area Compromised


From: Conrad T. Pino
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Wed, 26 Jan 2005 17:07:46 -0800

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Kenneth & Philippe,

The MIME type supplied to the browser is determined by Apache:
http://httpd.apache.org/docs-2.0/mod/mod_mime.html#typesconfig

I run an Apache 2.0.43 server not too different than the Apache
2.0.47 server Collab Net runs on www.cvshome.org site.

The default configuration I used demonstrates "auto magic" file
decompression and an inability to download "*.gz.sig" files.

The following "AddTypes" work with "*.gz" file but the "*.gz.sig"
file is still problematic even though the MIME types changes from
being the "text/plain" default for both to specific values selected
below:

        AddType application/pgp-signature .sig
        AddType application/x-gzip .gz

I now believe we can resolve all the symptoms I've reported by
choosing appropriate MIME type and file extension mappings and
configuring Apache accordingly.

Mark Bauske and Larry Jones put forward this hypothesis and I've
been able to prove some of it.

Here's what Microsoft said about IE and MIME types:
http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp

Does the Collab Net team have any suggestions for mapping MIME
types and file extensions to get the popular browsers working
well?

Best regards,

Conrad

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQfg+4bNM28ubzTo9EQJc5gCg2I8KhKjkk/lUzheVe5Ks3lGHDvcAn1qe
OfImEoZPiBigTkO+M1qLlirh
=Ew4p
-----END PGP SIGNATURE-----





reply via email to

[Prev in Thread] Current Thread [Next in Thread]