Re: some updates [Goran Oberg ] (fwd)

[Goran Oberg <go...@dc.luth.se>]

> > "We will now be running CGI scripts on mirror sites." Hmm, I don't think it's
> > that easy. Apache is a great software in many ways, one of these ways is that
> > with a little basic knowledge of the Apache system it's quite easy to maintain
> > basic security. I would expect that most, if not all, mirrored www-sites won't
> > let any executable file with cgi-suffix be executed by default. At least it 
> > wouldn't here at apache.dc.luth.se.
> 
> Okay, sounds like a solid vote against in-place CGI's.  Several sites
> do allow CGI's, and we will thoroughly examine whatever CGI's we give
> you to run.  For example, none of the CGI's being given you you
> involve parsing or interpreting user input, so the chances for a
> security hole to pop up is much smaller.

Hmm, I'm sorry, I should have benn clearer on that. What I meant was that when
there's no explicit reasons for having CGI's and SSI etc, etc allowed, I always
have them turned off so I won't have to worry about any unexpected implications.

If CGI-programs are an essential part of the content that is mirrored I surely
won't have anything against it if there's reasonable security precautions taken.

So, my answer looking like a solid vote against CGI's was my fault.


Wkr


/G

-- 
 Göran Öberg <go...@dc.luth.se>        <URL:http://www.luth.se/~goggi/>
 Computer Support Center                       Adm./CoAdm. of
 Luleå University, SWEDEN         {www,proxy,{www,apache}.dc,ftp}.luth.se
_________________________________________________________________________