Return-Path: owner-new-httpd
Received: by taz.hyperreal.com (8.6.10/8.6.5) id HAA01527;
 Thu, 13 Apr 1995 07:59:09 -0700
Received: from cass41 by taz.hyperreal.com (8.6.10/8.6.5) with SMTP id
 HAA01514; Thu, 13 Apr 1995 07:59:02 -0700
Received: from mamba.ast.cam.ac.uk by cass41 with smtp
	(Smail3.1.29.1 #9) id m0rzQLb-00004FC; Thu, 13 Apr 95 15:58 BST
Received: by mamba.ast.cam.ac.uk (Smail-3.1.28.1)
	id m0rzQJa-0001VJC; Thu, 13 Apr 95 15:56 BST
Message-Id: <m0rzQJa-0001VJC@mamba.ast.cam.ac.uk>
Date: Thu, 13 Apr 95 15:56 BST
From: drtr@ast.cam.ac.uk (David Robinson)
To: new-httpd@hyperreal.com
Subject: IncludesYesCGInoCMD
Content-Length: 440
Sender: owner-new-httpd@hyperreal.com
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

Re Patch E66, which adds an IncludesYesCGInoCMD
I don't think one should have to change ones config files to allow #include
cgi scripts, as the security risk is low.
I would rather  Includes and IncludesNOEXEC allow #include of cgi scripts,
and instead create a IncludesNOEXECCGI which disallowed both #cmd _and_
#include of a cgi script. I don't think many people would need to use it,
although they might use it out of paranoia.

 David.