From: Cliff Woolley <jwoolley@apache.org>
Date: Mon, 5 Aug 2002 20:11:32 +0000 (+0000)
Subject: Extra extra warnings.
X-Git-Tag: 2.0.40~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10088ce4933d133eff46e9a3ecbc0700de9c3200;p=thirdparty%2Fapache%2Fhttpd.git

Extra extra warnings.

Submitted by: Zeno <zeno@cgisecurity.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96311 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_info.xml b/docs/manual/mod/mod_info.xml
index 0f5f6475c68..16e2f7e86c5 100644
--- a/docs/manual/mod/mod_info.xml
+++ b/docs/manual/mod/mod_info.xml
@@ -48,6 +48,14 @@ SetHandler server-info<br />
       files, including <em>per</em>-directory files (<em>e.g.</em>,
       <code>.htaccess</code>). This may have security-related
       ramifications for your site.</p>
+
+      <p>In particular, this module can leak sensitive information
+      from the configuration directives of other Apache modules such as
+      system paths, usernames/passwords, database names, etc.  Due to
+      the way this module works there is no way to block information
+      from it.  Therefore, this module should ONLY be used in a controlled
+      environment and always with caution.</p>
+
     </note>
 </summary>