www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@hyperreal.com
Subject Changed information for PR mod_include/697
Date Mon, 09 Jun 1997 05:26:34 GMT
Synopsis: A security tweak I've been using for a few years for SSI

State-Changed-From-To: open-analyzed
State-Changed-By: marc
State-Changed-When: Sun Jun  8 22:26:33 PDT 1997
I _think_ the intent is for people to use include virtual
instead of exec for that; even when IncludesNOEXEC is 
enabled, include virutal can currently still include a
script in a ScriptAliased CGI directory.  The documentation
seems to be a bit odd though, and it doesn't work for
scripts executed as CGIs outside ScriptAlised directories.

I will look at that a bit further... adding a directive
like you propose has been brought up several times and
rejected in favor of include virtual.

View raw message