Action address in HTML forms

the hatter london.pm at bang.meep.org
Wed Mar 4 14:00:20 GMT 2009


On Wed, 4 Mar 2009, David Cantrell wrote:

> The only reason I used to do it is because the server was running on
> Windows 95, and it's impossible on Windows to tell if something is
> executable or not from just looking at the file.

It's not terrible to separate data and programs in any environment.  Plus
if I'm not mistaken, Apache would exec anything from a ScriptAlias, and
serve anything from any other directory, in the good old days, until you
add in handlers for extensions you want run, and XBitHack and similar.
There have been plenty of cases of people's super-secret code being
downloaded because they left an editor backup file in a servable directory
(though Apache's default httpd.conf has some rules to deny the common
cases iirc).

It's all just a bit of an inconvenience as default, but entirely workable
to rewrite things to remove /cgi-bin from the URI if you're stuck with
that restriction.


the hatter
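
An added example, not part of the original post: a small audit script that walks a document root and reports editor leftovers sitting in directories the server would serve as plain files, the exposure described in the message above. The filename patterns, the `cgi-bin` directory name and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed patterns for common editor leftovers (not an exhaustive list):
# "file~" backups, Emacs autosave "#file#", Vim swap ".file.swp"/".swo",
# and manual copies such as ".bak", ".orig", ".old".
BACKUP_RE = re.compile(r"(~|\.bak|\.orig|\.old|\.sw[op])$|^#.*#$", re.IGNORECASE)


def find_backup_files(docroot, exec_dirs=("cgi-bin",)):
    """Return sorted paths (relative to docroot) of editor leftovers that sit
    in directories the server would serve rather than execute."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        # Skip directories mapped for execution only (assumed names); files
        # there are run, not sent to the client as source.
        dirnames[:] = [d for d in dirnames if d not in exec_dirs]
        for name in filenames:
            if BACKUP_RE.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed sample document root for the demonstration."""
    files = [
        "index.html", "login.php", "login.php~", "#notes.txt#",
        "inc/db.php", "inc/db.php.bak", "inc/.db.php.swp",
        "cgi-bin/form.pl~",
    ]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for hit in find_backup_files(root):
            print("servable backup file:", hit)
```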

