* Jávorszky Balázs <[email protected]> [2020-11-08 23:53]: > Hi, > > I have to use www/fcgiwrap with nginx (pls don't ask why :) I would avoid > CGI if I could). The /usr/local/etc/rc.d/fcgiwrap file has minor issues. > Interesting but this doesn't affect the identical FreeBSD version, I've > tried that too.
Not related to the patch: I am using CGI for more than 20 years without problem. None server was ever cracked into by using CGI (more by accident). By the rule, servers were cracked when hosting was provided for PHP applications, I have found backdoor shells, spamming, and what what. That CGI creates a new process on each request (maybe fcgiwrap not) is common and does not really matter especially if your program is not bloated. I am receiving orders, so they do not come thousand times in one second so it does not matter. CGI is not automatically vulnerable how some people spread fears, uncertainties and doubts about it. Any application on web could be vulnerable and that depends of programmers. CGI is not slow and it is as slow or as fast as the computer. It is of course better when running it as single process. There are many frameworks for CGI, notable ones are in Perl and CGI can scale quite well. I may rely next 20-50 years on CGI as well. Jean
