httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@ooo.lanl.gov>
Subject Re: IncludesYesCGInoCMD
Date Thu, 13 Apr 1995 09:05:38 GMT
 
> Re Patch E66, which adds an IncludesYesCGInoCMD
> I don't think one should have to change ones config files to allow #include
> cgi scripts, as the security risk is low.
> I would rather  Includes and IncludesNOEXEC allow #include of cgi scripts,
> and instead create a IncludesNOEXECCGI which disallowed both #cmd _and_
> #include of a cgi script. I don't think many people would need to use it,
> although they might use it out of paranoia.

it might be preferable syntactically, but it will probably
screw up lots of existing Options settings because IncludesNOEXEC 
would suddenly have changed in meaning... that *would* be a security
headache.



Mime
View raw message