httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@telebase.com>
Subject Re: Default mime types update for 1.1?
Date Mon, 03 Jun 1996 06:22:54 GMT
Roy T. Fielding liltingly intones:
> 
> > application/x-httpd-cgi        cgi pl
> 
> No way -- .pl files on my server are perl scripts that are supposed
> to be read as text (i.e., the perl code I've distributed for libwww-perl,
> wwwstat, and MOMspider).  Including ".pl" in a cgi script name is a
> really bad idea anyway, since it gives additional information to a
> cracker for no good reason.
> 
> In any case, the only safe default distribution is one that forces
> the administrator to activate possibly-unsafe things, rather than have
> them lying around by default.
> 
You're right. I made the mistake of grabbing a diff off one of my
internal servers. 8^(

As Alexei pointed out, we use AddHandler now, anyway. I've removed this
from this particular machine, since it's running 1.1b3-dev.

And it's *not* on any of my external servers. This is just so I don't
get a raft of bozos plinking on my sites. Don't laugh, I never got a
nibble on ... after I mentioned here I was running fixed versions of
the server. 8^)

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
Command, n.:
	Statement presented by a human and accepted by a computer in
such a manner as to make the human feel as if he is in control.

Mime
View raw message