Pretty stupid thing to say. If the person who inputs the garbage is the admin (which is the case here, since only an admin can create rewrite rules) then it's not surprising that security might be compromised. There's no way you can make software safe from incompetent people with admin privileges.
I do not agree.
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
What if the admin wants to do this intentionally to make internal resources available? Do you propose to limit the abilities of the regex in question to only make certain things possible? That doesn't seem like an improvement.
Like korgitser mentions in this comment [slashdot.org], exceptions can be made, but by default it shouldn't be possible. I'm not saying it should be absolutely impossible to do this, but add another layer of protection which prevents admins from accidentally doing something like this. If an admin intentionally wants to do this and sets a specific configuration flag which allows him to do so, then that's a different story.
Garbage in, (Score:1)
Garbage out. What else is new?