httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@dsndata.com>
Subject Re: votes for 0.6 SUMMARY
Date Fri, 14 Apr 1995 20:07:31 GMT

>  
> > > > E66_cgi_no_cmd_incs.txt 		-1
> > > > Sounds like there are some better solutions afoot.
>  
> > > I'd like to know why Brian and Randy have vetoed this.
>  
> > I guess I don't understand why IncludesNoEXEC does not
> > accomplish the same thing.  Educate me.
> 
> IncludesNoEXEC disables cgi and cmd  types of include
> 
> cmd are undersirable to some people, hence the need for IncludesNoEXEC,
> 
> but if you already allow CGI scripts to be executed, 
> you might want to just block the cmd's and let the cgi's be included.
> If you're really paranoid, you block both.

Color me dense.  Why would I not allow EXEC, but allow CGI?

I'm willing to raise my vote to a 0....

:-)




Mime
View raw message