From: "Pier Fumagalli" <[EMAIL PROTECTED]>
Sent: Saturday, September 01, 2001 8:57 PM

> "Ryan Bloom" <[EMAIL PROTECTED]> wrote:
> > 
> > 3) I don't believe that we should be adding every possible module to the core
> > distribution.  I personally think we should leave the core as minimal as
> > possible, and only add more modules if they implement a part of the HTTP spec.
> I can't say much, as I'm not a developer of HTTPD, but I tend to share the
> feeling with Ryan on this. In the light of the latest security warnings on
> Tomcat, adding a single feature (CGI execution), compromised our entire
> core... And as Chuck forwarded to the members, it might be worth reading
> this <,4586,2792860,00.html>.
> Adding features to the core, unless they're absolutely 100% safe and 100%
> needed is, IMVVVVVVVVVVVHO, not a very good idea...

I concur.  I'd also point out that the more thoroughly we can document the new
hooks architechture, and expose the apr/apr-util/libhttpd api to the third party
developers, the more secure their modules stand to be.

By instituting additional internal interlocks (e.g. the request must have the
dir_walk/file_walk success tag before the core handler will work) and a very
predictable schema, that is successfully optimized, module authors won't spend
as much time hacking 'around' the core, and we will all enjoy significantly fewer
new holes in 2.0.

Let's make 2.0 the most _predictable_ release ever, and everyone benefits :-)


Reply via email to