httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: svn commit: r1387984 - /httpd/httpd/trunk/Makefile.win
Date Fri, 21 Sep 2012 12:05:43 GMT
On 21 Sep 2012, at 1:35 PM, Jeff Trawick <trawick@gmail.com> wrote:

> A script that leaks information should not be enabled unless the
> administrator takes an action specific to that script.
> 
> If the default configuration has cgi-bin disabled and the
> administrator then drops an application there and enables cgi-bin,
> they should not have to also disable printenv.
> 
> Perhaps at one point printenv was helpful to show somebody how easy it
> is to write a CGI script.  Those days are over for anyone that knows
> how to do a web search for "CGI <purpose>".  It could be helpful to
> debug some aspects of configuration, though that is an infrequent use.

+1.

Regards,
Graham
--


Mime
View raw message