Received: by taz.hyperreal.com (8.6.12/8.6.5) id TAA21592; Thu, 13 Jun 1996 19:20:26 -0700 Received: from the.secret.org by taz.hyperreal.com (8.6.12/8.6.5) with ESMTP id TAA21584; Thu, 13 Jun 1996 19:20:23 -0700 Received: (from lucid@localhost) by the.secret.org (8.6.12/8.6.12) id WAA05229 for new-httpd@hyperreal.com; Thu, 13 Jun 1996 22:25:50 -0400 From: Lucid Message-Id: <199606140225.WAA05229@the.secret.org> Subject: Re: Server Side Include security question... To: new-httpd@hyperreal.com Date: Thu, 13 Jun 1996 22:25:49 -0400 (EDT) In-Reply-To: from "Brian Behlendorf" at Jun 13, 96 05:55:52 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 1269 Sender: owner-new-httpd@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com > > On Thu, 13 Jun 1996, Lucid wrote: > > > > > > > > > would better in my opinion - not that there is some SSI spec which we must > > > adhere to, but simply this seems to be the least different way of > > > performing this. However, as I understand it, this isn't possible for > > > reasons of NCSA back compatibility, the NCSA 1.3 server would use the > > > QUERY_STRING and PATH_INFO of the document being called (i.e. > > > http://host/path/file.shtml/path_info?query_string) for whatever reason. > > > However, I'm pretty sure is the way to work around this. > > > > > > Hmm, this should go in the FAQ. > > > > > > Brian > > > > > > > I was going to do just that except for > > /* No hardwired path info or query allowed */ > > in the source... any way here is the patch that > > makes work > > It's already done. The above mechanism (include virtual instead of > exec cgi) works today. > > Brian > > --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- > brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS > > then WTF is exec for? -bill