On 21 Sep 2012, at 1:35 PM, Jeff Trawick <[email protected]> wrote: > A script that leaks information should not be enabled unless the > administrator takes an action specific to that script. > > If the default configuration has cgi-bin disabled and the > administrator then drops an application there and enables cgi-bin, > they should not have to also disable printenv. > > Perhaps at one point printenv was helpful to show somebody how easy it > is to write a CGI script. Those days are over for anyone that knows > how to do a web search for "CGI <purpose>". It could be helpful to > debug some aspects of configuration, though that is an infrequent use.
+1. Regards, Graham --
smime.p7s
Description: S/MIME cryptographic signature
