I think there is some confusion here. The suggestion under discussion
was to have a URL in which a path ending in ';' indicated a *request*
by the client to execute a file and one without the ';' indicated a
*request* to view it as a file. In my opinion, no sensible server
implementor would design a system where permission to execute a script
implied permission to to view it as a text file or vice versa.
Certainly no one in this discussion made that suggestion.
Any mechanism to determine who has permission to do what must necessarily
be independent of the URL since the client can write any URL it wants.
Other reasons have been pointed out why it is not a good idea to have
the existence of PATH_INFO data (i.e. a ';') imply the file is to be
executed.
John Franks Dept of Math. Northwestern University
[email protected]