Gre7g Luterman <[EMAIL PROTECTED]> writes:

> If you feel that SCRIPT_NAME is too generic and might be overloaded
> namespace, then how about GATEWAY_INTERFACE, HTTP_HOST, or
> DOCUMENT_ROOT?

I'm just concerned about ignoring an IOError when a user is using
tmda-cgi, but not in "no-su" mode.

> That's a possibility, but it adds more risk. The CGI has to know if
> it is in no-su mode long before we get a chance to read the Defaults
> file

Duh, of course, sorry. It's a chicken-and-egg problem with the
Defaults namespace.

> How about I have the CGI set an environment variable such as
> TMDA_CGI_MODE = "no-su"?

This sounds pretty reasonable.

Another option is to ditch "no-su" mode because of all the problems
it's causing. Both this, and the issue we are discussing on the
tmda-gui list regarding confirmation URL security come to mind. But,
there may be additional problems down the road which will have to be
accounted for because "no-su" mode is such a radical departure from
how TMDA works and what it expects.

Reading the tmda-cgi HOWTO, you seem to already offer a global
multi-user mode, as well as a per-user mode. I think this will cover
practically all potential users, don't you? It's nice to be able to
accommodate off-the-wall configurations, but not at the expense of
additional frustration, upkeep, etc.
