httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lucid <lu...@secret.org>
Subject Re: Server Side Include security question...
Date Fri, 14 Jun 1996 02:25:49 GMT
> 
> On Thu, 13 Jun 1996, Lucid wrote:
> > > <!--#exec cgi="/cgi-bin/navbar.cgi?area=1" --> 
> > > 
> > > would better in my opinion - not that there is some SSI spec which we must
> > > adhere to, but simply this seems to be the least different way of
> > > performing this.  However, as I understand it, this isn't possible for
> > > reasons of NCSA back compatibility, the NCSA 1.3 server would use the
> > > QUERY_STRING and PATH_INFO of the document being called (i.e.
> > > http://host/path/file.shtml/path_info?query_string) for whatever reason.
> > > However, I'm pretty sure <!--#include virtual="/cgi-bin/navbar.cgi?area=1"
> > > --> is the way to work around this.
> > > 
> > > Hmm, this should go in the FAQ.
> > > 
> > > 	Brian
> > > 
> > 
> > I was going to do just that except for
> > /* No hardwired path info or query allowed */
> > in the source... any way here is the patch that
> > makes <!--#exec cgi="/cgi-bin/navbar.cgi?area=1" --> work
> 
> It's already done.  The above mechanism (include virtual instead of
> exec cgi) works today.
> 
> 	Brian
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS
> 
> 

then WTF is exec for?

-bill

Mime
View raw message