httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bl...@uiuc.edu (Brandon Long)
Subject Re: mod_cgissi
Date Mon, 04 Nov 1996 21:07:50 GMT
On 11/4, Rob Hartill uttered the following other thing:
> Brandon Long wrote:
> 
> >> They could always use NCSA httpd. I hear they have it.
> >
> >Heh.  Yeah.  #define CGI_SSI_HACK, which was necessary for SHTTP (where there
> >are SSI directives for including the server keys and the like, which
> >can't be reasonably assumed that to be included in a CGI script.  It involves
> >one byte socket reads again though, so I highly suggest against it.  As
> >for the security hole feature, that falls into the shoot yourself in the
> >foot category.
> 
> The trick is to explain to people the dangers of the gun they're holding
> before they shoot their feet. How does NCSA explain the dangers ?

Well, the feature isn't really documented, and it is a #define, and there
is a warning in the comment about it.  So, the answer is not really, I guess.

Guess I should warn someone there about that.

Brandon
-- 
 Brandon Long         "Investment in reliability increases until it
 MD6 Crash Test Dummy   exceeds the probable cost of errors, or until
 Intel Corp, Oregon      someone insists on getting some useful work done."
          I'm too low on the totem pole to speak for Intel.
                  http://www.uiuc.edu/ph/www/blong  

Mime
View raw message