httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: nph- deprecation
Date Fri, 10 Jan 1997 12:53:09 GMT
Brian Behlendorf wrote:
> 
> On Wed, 8 Jan 1997 sameer@c2.net wrote:
> > 1) an option to disable nph: NphDisable
> > 	I do think #1 is worth going into the beta, because it is a
> > security thing. 
> 
> Hmm... what about instead, closing the fd to stdin to the nph script after the
> script starts outputting data?  That way the nph script can't answer a second
> kept-alive request and start spoofing things.  Will that work?  I'd +1 that as
> a security fix for 1.2.  Disabling NPH scripts isn't enough for 1.2 imho.
> 
> > 2) making my unbuffered cgi patch a "supported patch"
> 
> +1.
> 

+1
-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"

Mime
View raw message