You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mirrors@apache.org by Goran Oberg <go...@dc.luth.se> on 1997/06/13 11:39:01 UTC
Re: some updates [Goran Oberg ] (fwd)
> > "We will now be running CGI scripts on mirror sites." Hmm, I don't think it's
> > that easy. Apache is a great software in many ways, one of these ways is that
> > with a little basic knowledge of the Apache system it's quite easy to maintain
> > basic security. I would expect that most, if not all, mirrored www-sites won't
> > let any executable file with cgi-suffix be executed by default. At least it
> > wouldn't here at apache.dc.luth.se.
>
> Okay, sounds like a solid vote against in-place CGI's. Several sites
> do allow CGI's, and we will thoroughly examine whatever CGI's we give
> you to run. For example, none of the CGI's being given you you
> involve parsing or interpreting user input, so the chances for a
> security hole to pop up is much smaller.
Hmm, I'm sorry, I should have benn clearer on that. What I meant was that when
there's no explicit reasons for having CGI's and SSI etc, etc allowed, I always
have them turned off so I won't have to worry about any unexpected implications.
If CGI-programs are an essential part of the content that is mirrored I surely
won't have anything against it if there's reasonable security precautions taken.
So, my answer looking like a solid vote against CGI's was my fault.
Wkr
/G
--
Göran Öberg <go...@dc.luth.se> <URL:http://www.luth.se/~goggi/>
Computer Support Center Adm./CoAdm. of
Luleå University, SWEDEN {www,proxy,{www,apache}.dc,ftp}.luth.se
_________________________________________________________________________