httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@ooo.lanl.gov>
Subject Re: IncludesYesCGInoCMD
Date Thu, 13 Apr 1995 09:28:55 GMT

> >screw up lots of existing Options settings because IncludesNOEXEC 
> >would suddenly have changed in meaning... that *would* be a security
> >headache.
> 
> Err, name one. 8-)

hmmm, that's a toughy. How about spoofing someone else's cgi-work ?,
and throw in some choice words of my own to wrap around theirs, maybe.
Spoof a cgi-script in such a way that it always crashes, telling the
owner about an error that just isn't there..

The infinite team of monekys with PCs are working on worse scenarios :-)

> My main point is that IncludesYesCGInoCMD is just too ugly a name for
> probably the most useful option.

Well that's another issue, one that is easily solved by a rename.

robh


Mime
View raw message