[pkg-lighttpd] Bug#499334: Bug#499334: lighttpd: CGI scripts only work for remoteip "127.0.0.1"
Rodrigo Campos
rodrigocc at gmail.com
Sun Oct 5 16:08:36 UTC 2008
On Sun, Oct 5, 2008 at 5:35 AM, Pierre Habouzit <madcoder at debian.org> wrote:
> On Sat, Oct 04, 2008 at 02:33:08AM +0000, Rodrigo Campos wrote:
>> Package: lighttpd
>> Version: 1.4.19-5
>> Followup-For: Bug #499334
>>
>> The fix allows CGI execution only from localhost. If you enabled cgi module you
>> probably don't want it to work only from localhost.
>>
>> The Apache package also enables it for "anybody"
>
> which is a rather bad idea for many CGI scripts. plus it's a snipplet
> example that is meant to be modified.
Why is a bad idea ?
If you want to activate the cgi module, probably you want to activate
it so everybody can just see your gitweb/whatever. Why would you want
to activate it only for localhost ? Isn't this a very particular case
?
Also, if that is an example to be modified, is kind of disturbing to
modify that file. If you modify it locally, and a new package changed
it, you will have to "merge" it on your own and that stuff. It's not
very nice to modify that file :)
If that is the "default", I think it should comfortable for "the
majority", not just for particular usage cases.
And if its just "to copy"/"know how to do that" perhaps in the
README.Debian or some of those documentation files would be more
appropriate ?
Thanks a lot,
Rodrigo
More information about the pkg-lighttpd-maintainers
mailing list