httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will" <william.leon...@lxcenter.org>
Subject Re: httpd and cgi
Date Sun, 25 Nov 2012 01:17:04 GMT
The idea would be that the webserver would handle that file and send it to 
cgi and delete it.  But it is something to consider.  Thanks!

-Will

----- Original Message ----- 
From: "Graham Leggett" <minfrin@sharp.fm>
To: <dev@httpd.apache.org>
Sent: Saturday, November 24, 2012 8:00 PM
Subject: Re: httpd and cgi


On 25 Nov 2012, at 1:59 AM, "Will" <william.leonard@lxcenter.org> wrote:

> I was wondering how httpd handles POST requests to cgi.  Does it stream 
> the body directly from the client to the cgi program?  If this is the 
> case, what would be the downsides to streaming that to a file first and 
> going from the file (most likely filesystem cache) to the stdin of the cgi 
> program?

This would allow anybody to DoS your server by filling up the disk on 
purpose and prevent further legitimate requests.

Regards,
Graham
--



Mime
View raw message