httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Dumpleton <>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 02:27:05 GMT
2009/4/8 KaiGai Kohei <>:
> Graham Dumpleton wrote:
>> Explain first why using FASTCGI and suexec wouldn't be a better option?
> Thease are limited to cgi applications, so we cannot apply such kind
> of restriction on the built-in script languages and references on
> static documents (like *.html).

FASTCGI is not restricted to CGI applications. At least in the sense
that FASTCGI allows persistent processes rather than one off processes
like CGI. FASTCGI bindings are available for many different languages,
including scripting languages, so what 'built-in script languages' are
you talking about? The suexec mechanism comes into play as it allows
FASTCGI processes to run as a different user than Apache process.

The only reason for doing what you want in the Apache server child
processes is if they need to work directly with the internal Apache C
APIs to do stuff. You haven't yet demonstrated that that is what you
really need though and why FASTCGI couldn't be used instead.


View raw message