httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@ooo.lanl.gov>
Subject Re: includes security hole
Date Tue, 11 Apr 1995 08:40:10 GMT
> 
> >Is there a way to block server side includes running "cmd", and
> >only allowing "cgi" ?
> 
> I've already thought about this, and was going to suggest the following:
> that #include be able to execute cgi scripts. I don't see any obvious
> security problems with this, even if cmd is blocked.

I had this working last night. I'll upload a patch sometime
today.

robh

Mime
View raw message