httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: security hole with ScriptLog
Date Sun, 12 Jan 1997 06:57:46 GMT
On Sun, 12 Jan 1997, Rob Hartill wrote:

> As for Alexei's comment about ScriptLog not really being for live servers,
> that's all fine and well, but there's no mention of that to the unsuspecting
> users..
>   ScriptLog
>   Syntax: ScriptLog filename
>   Default: none
>   Context: resource config
>   Status: mod_cgi 
>   The ScriptLog directive sets the CGI script error logfile. If no
>   ScriptLog is given, no error log is created. If given, any CGI errors
>   are logged into the filename given as argument. If this is a
>   relative file or path it is taken relative to the server root. 
> - people reading that won't interpret the feature anywhere close to Alexei's
> interpretation.

Hmm. Point taken. I didn't write those docs... I'll go and add "buyer
beware" text to it.

Alexei Kosut <>      The Apache HTTP Server

View raw message