httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: mod_cgissi
Date Sun, 03 Nov 1996 23:34:36 GMT
On Sun, 3 Nov 1996, Nathan Neulinger wrote:
> Almost every cgi script EVER written would become an instant security hole
> if this were enabled.

Anyone who doesn't validate their input is asking for it in one way or another,
but I agree that this would open up another area for lazy cgi authors to
concern themselves about.  If it were made part of the distribution, that
would have to be well documented, sure.  As it is we'd probably even give it a
different file suffix and handler, say .scgi.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS


Mime
View raw message