httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Apache envirorement variables tainted in cgi?
Date Sun, 13 Oct 2002 19:29:21 GMT
Sander Holthaus - Orange XL wrote:
> Does apache check information in HTTP-headers before pasing them as
> ENV-variables?

No.  If you use env-variables in dangerous ways (including showing them 
to clients), you MUST encode them yourself to prevent security problems.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message