httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject Re: includes security hole
Date Tue, 11 Apr 1995 10:52:00 GMT
>Is there a way to block server side includes running "cmd", and
>only allowing "cgi" ?

I've already thought about this, and was going to suggest the following:
that #include be able to execute cgi scripts. I don't see any obvious
security problems with this, even if cmd is blocked.


View raw message