httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: IncludesYesCGInoCMD
Date Tue, 18 Apr 1995 02:50:05 GMT
On Mon, 17 Apr 1995, Roy T. Fielding wrote:
> As security concerns go, this ones pretty marginal.  However, it is
> significant enough for me to pro-actively avoid the maintenance hassles
> of having to care about it.  As it stands now, I don't even have the time
> to check people's normal CGI scripts, so I just disallow them altogether
> until the department pulls together the funds for a real webmaster.

Okay.  Out of respect to Roy, who probably represents the needs of a 
large body of webmasters out there of sites with large untrusted user 
bases, and out of the realization that SSI's are fuct anyways, I rescind 
my veto of any patch that has IncludesYesCGINoCMD (though I'd rather see 
it named IncludesNoCMD), and I rescind my suggestion for making #include 
allow the output of CGI scripts.


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--  http://www.[hyperreal,organic].com/

View raw message