You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2016/01/15 07:03:24 UTC
[Bug 57777] Security concerns with documentation of AddHandler (and
multiple file extensions)
https://bz.apache.org/bugzilla/show_bug.cgi?id=57777
--- Comment #1 from Luca Toscano <to...@gmail.com> ---
Definitely something to change, injecting files and then get them executed is
not really good. I really hope that in 2016 few people are still using mod_cgi,
but improving the documentation is always a good thing.
I am not an expert though about the correct settings to secure a configuration
like this one (except careful validation of the files received and Options
-ExecCGI in the appropriate folders), do you have any suggestion to speed up
the resolution of the bug?
Thanks!
Luca
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org