httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: svn commit: r1387984 - /httpd/httpd/trunk/
Date Fri, 21 Sep 2012 12:05:43 GMT
On 21 Sep 2012, at 1:35 PM, Jeff Trawick <> wrote:

> A script that leaks information should not be enabled unless the
> administrator takes an action specific to that script.
> If the default configuration has cgi-bin disabled and the
> administrator then drops an application there and enables cgi-bin,
> they should not have to also disable printenv.
> Perhaps at one point printenv was helpful to show somebody how easy it
> is to write a CGI script.  Those days are over for anyone that knows
> how to do a web search for "CGI <purpose>".  It could be helpful to
> debug some aspects of configuration, though that is an infrequent use.



View raw message