httpd-cvs mailing list archives

From k...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod core.xml core.html.en
Date Sat, 28 Jun 2003 22:51:13 GMT
kess        2003/06/28 15:51:13

  Modified:    docs/manual/mod Tag: APACHE_2_0_BRANCH core.xml core.html.en
  Log:
  explain ScriptInterpreterSource a little bit more
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.46.2.20 +37 -7     httpd-2.0/docs/manual/mod/core.xml
  
  Index: core.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/core.xml,v
  retrieving revision 1.46.2.19
  retrieving revision 1.46.2.20
  diff -u -r1.46.2.19 -r1.46.2.20
  --- core.xml	27 May 2003 21:55:01 -0000	1.46.2.19
  +++ core.xml	28 Jun 2003 22:51:12 -0000	1.46.2.20
  @@ -2429,17 +2429,47 @@
   
   <usage>
       <p>This directive is used to control how Apache finds the
  -    interpreter used to run CGI scripts. The default technique is to
  -    use the interpreter pointed to by the <code>#!</code> line in the
  -    script.</p>
  +    interpreter used to run CGI scripts. The default setting is
  +    <code>Script</code>. This causes Apache to use the interpreter pointed
to
  +    by the shebang line (first line, starting with <code>#!</code>) in the
  +    script. On Win32 systems this line usually looks like:</p>
  +
  +    <example>
  +      #!C:/Perl/bin/perl.exe
  +    </example>
  +
  +    <p>or, if perl is in <code>PATH</code>, simply:</p>
  +
  +    <example>
  +      #!perl
  +    </example>
   
       <p>Setting <code>ScriptInterpreterSource Registry</code> will
  -    cause the Windows Registry to be searched using the script file
  -    extension (e.g., <code>.pl</code>) as a search key.</p>
  +    cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
  +    searched using the script file extension (e.g., <code>.pl</code>) as a
  +    search key. The command defined by the registry subkey
  +    <code>Shell\Open\Command</code> is used to open the script file. In absence
  +    of the file extension key or the <code>Shell\Open\Command</code> subkey
  +    Apache uses the <code>Script</code> option.</p>
  +
  +    <note type="warning"><title>Security</title>
  +      <p>Be careful to use <code>ScriptInterpreterSource Registry</code>
with 
  +      <directive module="mod_alias">ScriptAlias</directive>'ed directories,
  +      because Apache is trying to execute <strong>every</strong> file within
  +      this directory. The <code>Registry</code> setting may cause undesired
  +      program calls on files, which are usually not executed. For example, the
  +      default open command on <code>.htm</code> files on most Windows systems
is
  +      executing the Microsoft Internet Explorer, so any HTTP request for an
  +      <code>.htm</code> file existing within the script directory would start
  +      the browser in background. This is an effective method to crash your
  +      system within a minute or so.</p>
  +    </note>
   
       <p>The option <code>Registry-Strict</code> which is new in Apache
2.0
  -    does the same as <code>Registry</code> but uses a more strict registry
  -    search.</p>
  +      does the same as <code>Registry</code> but uses the subkey
  +      <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code>
key
  +      is not a common one. It has to be configured manually and prevents your
  +      system from accidental program calls.</p>
   </usage>
   </directivesynopsis>
   
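Review bot: In the added Security note, "Be careful to use ScriptInterpreterSource Registry with ScriptAlias'ed directories" reads as advice to use the setting; "Be careful when using ... with ScriptAlias'ed directories" says what is meant. The comma in "files, which are usually not executed" also turns the restriction into an aside; "files that are not normally executed" is clearer. The note describes the hazard but leaves the remedy to the following paragraph, so consider ending it with a sentence that points to Registry-Strict, and replacing "an effective method to crash your system" with a plain statement that every request for such a file starts another program on the server.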
  
  
  
  1.46.2.26 +37 -7     httpd-2.0/docs/manual/mod/core.html.en
  
  Index: core.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/core.html.en,v
  retrieving revision 1.46.2.25
  retrieving revision 1.46.2.26
  diff -u -r1.46.2.25 -r1.46.2.26
  --- core.html.en	29 May 2003 19:29:44 -0000	1.46.2.25
  +++ core.html.en	28 Jun 2003 22:51:12 -0000	1.46.2.26
  @@ -2480,17 +2480,47 @@
   later</td></tr>
   </table>
       <p>This directive is used to control how Apache finds the
  -    interpreter used to run CGI scripts. The default technique is to
  -    use the interpreter pointed to by the <code>#!</code> line in the
  -    script.</p>
  +    interpreter used to run CGI scripts. The default setting is
  +    <code>Script</code>. This causes Apache to use the interpreter pointed
to
  +    by the shebang line (first line, starting with <code>#!</code>) in the
  +    script. On Win32 systems this line usually looks like:</p>
  +
  +    <div class="example"><p><code>
  +      #!C:/Perl/bin/perl.exe
  +    </code></p></div>
  +
  +    <p>or, if perl is in <code>PATH</code>, simply:</p>
  +
  +    <div class="example"><p><code>
  +      #!perl
  +    </code></p></div>
   
       <p>Setting <code>ScriptInterpreterSource Registry</code> will
  -    cause the Windows Registry to be searched using the script file
  -    extension (e.g., <code>.pl</code>) as a search key.</p>
  +    cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
  +    searched using the script file extension (e.g., <code>.pl</code>) as a
  +    search key. The command defined by the registry subkey
  +    <code>Shell\Open\Command</code> is used to open the script file. In absence
  +    of the file extension key or the <code>Shell\Open\Command</code> subkey
  +    Apache uses the <code>Script</code> option.</p>
  +
  +    <div class="warning"><h3>Security</h3>
  +      <p>Be careful to use <code>ScriptInterpreterSource Registry</code>
with 
  +      <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>'ed
directories,
  +      because Apache is trying to execute <strong>every</strong> file within
  +      this directory. The <code>Registry</code> setting may cause undesired
  +      program calls on files, which are usually not executed. For example, the
  +      default open command on <code>.htm</code> files on most Windows systems
is
  +      executing the Microsoft Internet Explorer, so any HTTP request for an
  +      <code>.htm</code> file existing within the script directory would start
  +      the browser in background. This is an effective method to crash your
  +      system within a minute or so.</p>
  +    </div>
   
       <p>The option <code>Registry-Strict</code> which is new in Apache
2.0
  -    does the same as <code>Registry</code> but uses a more strict registry
  -    search.</p>
  +      does the same as <code>Registry</code> but uses the subkey
  +      <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code>
key
  +      is not a common one. It has to be configured manually and prevents your
  +      system from accidental program calls.</p>
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
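Review bot: The Registry-Strict paragraph at the end of this hunk does not say what happens when the Shell\ExecCGI\Command subkey is missing, although the Registry paragraph above it states that a missing extension key or Shell\Open\Command subkey falls back to the Script option. Since the new text presents Registry-Strict as what "prevents your system from accidental program calls", an administrator needs to know whether a file without that subkey is refused or handled through its shebang line; please state the behaviour explicitly. As a style point, the added continuation lines of that paragraph are indented two spaces deeper than its opening line. The same wording appears in the core.xml hunk, so both points apply there as well.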
  
  
  
