httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bl...@uiuc.edu (Brandon Long)
Subject Re: mod_cgissi
Date Mon, 04 Nov 1996 18:22:31 GMT
On 11/4, Rob Hartill uttered the following other thing:
> Brian Behlendorf wrote:
> 
>>So, our engineers here are screaming for a way to do SSI parsing on CGI output
> 
> They could always use NCSA httpd. I hear they have it.

Heh.  Yeah.  #define CGI_SSI_HACK, which was necessary for SHTTP (where there
are SSI directives for including the server keys and the like, which
can't be reasonably assumed that to be included in a CGI script.  It involves
one byte socket reads again though, so I highly suggest against it.  As
for the security hole feature, that falls into the shoot yourself in the
foot category.

A restricted set of SSI directives could both be useable and relatively
safe . . .

Brandon
-- 
 Brandon Long         "Investment in reliability increases until it
 MD6 Crash Test Dummy   exceeds the probable cost of errors, or until
 Intel Corp, Oregon      someone insists on getting some useful work done."
          I'm too low on the totem pole to speak for Intel.
                  http://www.uiuc.edu/ph/www/blong  

Mime
View raw message