httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Re: security hole with ScriptLog
Date Sun, 12 Jan 1997 06:57:46 GMT
On Sun, 12 Jan 1997, Rob Hartill wrote:

> As for Alexei's comment about ScriptLog not really being for live servers,
> that's all fine and well, but there's no mention of that to the unsuspecting
> users..
> 
>   ScriptLog
>   
>   Syntax: ScriptLog filename
>   Default: none
>   Context: resource config
>   Status: mod_cgi 
>   
>   The ScriptLog directive sets the CGI script error logfile. If no
>   ScriptLog is given, no error log is created. If given, any CGI errors
>   are logged into the filename given as argument. If this is a
>   relative file or path it is taken relative to the server root. 
>  
> 
> - people reading that won't interpret the feature anywhere close to Alexei's
> interpretation.

Hmm. Point taken. I didn't write those docs... I'll go and add "buyer
beware" text to it.

-- 
________________________________________________________________________
Alexei Kosut <akosut@nueva.pvt.k12.ca.us>      The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/


Mime
View raw message