httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@liege.ICS.UCI.EDU>
Subject Re: WWW Form Bug Report: "arbitrary cgi access???" on Irix
Date Thu, 19 Sep 1996 17:17:34 GMT
>>I ran into a nasty little surprise this evening.
>>By default, any user which creates a ".cgi" file
>>or program in their areas can generate full CGI
>>programs.  This is w/o having the 
>>
>>	#AddHandler cgi-script .cgi
>>
>>script uncommented in the srm.conf.  The only
>>way to stop this is to remove the .cgi mapping in
>>the mime-types file.

Just delete the line in conf/mime.types that sets the cgi extension.
It will not be there in the next release.

Thanks,

 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92697-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Mime
View raw message