httpd-dev mailing list archives

From Graham Dumpleton <>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 06:39:01 GMT
2009/4/8 KaiGai Kohei <>:
> Graham Dumpleton wrote:
>> 2009/4/8 KaiGai Kohei <>:
>>> Graham Dumpleton wrote:
>>>> Explain first why using FASTCGI and suexec wouldn't be a better option?
>>> These are limited to cgi applications, so we cannot apply such kind
>>> of restriction on the built-in script languages and references on
>>> static documents (like *.html).
>> FASTCGI is not restricted to CGI applications. At least in the sense
>> that FASTCGI allows persistent processes rather than one off processes
>> like CGI. FASTCGI bindings are available for many different languages,
>> including scripting languages, so what 'built-in script languages' are
>> you talking about? The suexec mechanism comes into play as it allows
>> FASTCGI processes to run as a different user than Apache process.
> Hmm... I'll try to search for more details of features of FastCGI.
> If you have a hint, could you answer the questions I currently have?
> IIRC, the CGI version of PHP cannot handle applications which write
> out special HTTP headers, such as WWW-Authenticate: or Location:.
> Is it possible to handle correctly in FastCGI?
> I could not find FastCGI support for WebDav. Is it possible to control
> accesses on files using SELinux?

FASTCGI is effectively a wire protocol. Something like WebDav wouldn't
target FASTCGI directly. Instead, WebDav would be implemented on top
of some web framework system. That web framework system just may so
happen to support use of FASTCGI for hosting. For example, there are
Python modules available for doing WebDav stuff and these might
technically be used in a WSGI application hosted on top of FASTCGI
using flup adapter. Wouldn't be surprised if there was WebDav stuff
available for Perl as well.

Suggest you go and read about FASTCGI and get a clearer understanding
of what it is and isn't.
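
The point that FASTCGI is a wire protocol, shown as an added example that is not part of the original message: a small Python encoder/decoder for FastCGI record framing (8-byte header plus padded content) and the name-value pairs carried in an FCGI_PARAMS stream. The request id and the CGI variables in `SAMPLE_PARAMS` are constructed for illustration.

```python
import struct

FCGI_VERSION_1, FCGI_RESPONDER = 1, 1
FCGI_BEGIN_REQUEST, FCGI_PARAMS, FCGI_STDIN = 1, 4, 5   # record types
HEADER = struct.Struct("!BBHHBx")  # version, type, requestId, contentLength, paddingLength, reserved
# Constructed sample CGI variables (assumed values, not from the thread).
SAMPLE_PARAMS = {"REQUEST_METHOD": "GET", "SCRIPT_FILENAME": "/srv/app/index.py"}

def encode_record(rtype, request_id, content=b""):
    """Frame one record: 8-byte header, content, zero padding to a multiple of 8."""
    if len(content) > 0xFFFF:
        raise ValueError("content too long for one record")
    padding = -len(content) % 8
    header = HEADER.pack(FCGI_VERSION_1, rtype, request_id, len(content), padding)
    return header + content + b"\x00" * padding

def encode_length(n):
    # Lengths below 128 use one byte, longer ones four bytes with the high bit set.
    return bytes([n]) if n < 128 else struct.pack("!I", n | 0x80000000)

def encode_params(params):
    """Serialize CGI-style variables as FastCGI name-value pairs."""
    out = b""
    for name, value in params.items():
        n, v = name.encode(), value.encode()
        out += encode_length(len(n)) + encode_length(len(v)) + n + v
    return out

def build_request(request_id, params):
    """Records a web server sends to start a bodiless Responder request."""
    begin = struct.pack("!HB5x", FCGI_RESPONDER, 0)  # role, flags, reserved
    return b"".join([
        encode_record(FCGI_BEGIN_REQUEST, request_id, begin),
        encode_record(FCGI_PARAMS, request_id, encode_params(params)),
        encode_record(FCGI_PARAMS, request_id),  # empty record ends the params stream
        encode_record(FCGI_STDIN, request_id),   # empty stdin: no request body
    ])

def decode_records(data):
    """Split a byte stream into (type, request_id, content), rejecting truncation."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError("truncated record header")
        version, rtype, request_id, length, padding = HEADER.unpack_from(data, offset)
        offset += HEADER.size
        if version != FCGI_VERSION_1 or len(data) - offset < length + padding:
            raise ValueError("bad version or truncated record body")
        records.append((rtype, request_id, data[offset:offset + length]))
        offset += length + padding
    return records
```

Nothing in the framing depends on the language of the process at either end, which is why bindings exist for many languages.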

