httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: Security gotcha
Date Tue, 20 Aug 1996 18:17:28 GMT
Alexei Kosut wrote:
> 
> On Tue, 20 Aug 1996, Ben Laurie wrote:
> 
> > I've just realised that this:
> > 
> > application/x-httpd-cgi         cgi
> > 
> > is in mime.types, meaning that the unwary Webmaster is enabling CGI without
> > realising it. Also, I thought the use of magic mime types was now deprecated?
> 
> Well, they're not enabling it unless you also use Options ExecCGI.

That would not appear to be true, actually. Maybe you have to be doing some
kind of Limit for it to be noticed? Try it!

> But yes, they are. Hmm.
> 
> > I think this entry (and any other similar ones) should be removed. Comments?
> 
> Probably, yes.

I'll take that as a +1. Any more takers?

Cheers,

Ben.

> 
> -- Alexei Kosut <akosut@organic.com>            The Apache HTTP Server 
>    http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/
> 

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.            Apache Group member (http://www.apache.org)

Mime
View raw message