On 5 Jun 2009, at 10:53, Seema Alevoor wrote:
> Hi,
>
> Please review the changes for CR 6838652
> ( pre-configured printenv and testcgi can leak information to
> network clients )
> at http://cr.opensolaris.org/~seema/6838652/

I really don't like that fix.
Better for the default to forbid them to the outside world:
<Files test-cgi>
Deny from all
Allow from 127.0.0.1
</Files>
(ditto printenv)
at the point where /cgi-bin/ is scriptaliased.
--
Nick Kew
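
The suggestion above written out in context, as an added example that is not part of the original message or of the change under review. It assumes Apache 2.2 access-control syntax; the filesystem path is a placeholder, and the single `FilesMatch` block and the IPv6 loopback line are additions for illustration.

```apache
# Placeholder path: substitute the directory the distribution actually ships.
ScriptAlias /cgi-bin/ "/path/to/cgi-bin/"

<Directory "/path/to/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all

    # <Files>/<FilesMatch> sections are merged after <Directory> sections,
    # so this overrides the "Allow from all" above for these two scripts only.
    <FilesMatch "^(test-cgi|printenv)$">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        # Assumption: the host also listens on IPv6 loopback.
        Allow from ::1
    </FilesMatch>
</Directory>

# On Apache 2.4 (mod_authz_host) the body of the FilesMatch block
# becomes a single line:
#     Require local
```

Requesting `/cgi-bin/printenv` from the host itself and from another machine confirms the rule: the remote request should return 403 while the local one still runs the script.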
