[Twisted-Python] Re: [Twisted-commits] log stderr and non-zero exit code in CGIs, don't show info to users as it is a security risk (closes issue #241)

Itamar Shtull-Trauring itamar at itamarst.org
Thu Aug 28 20:50:05 EDT 2003


On Thu, 28 Aug 2003 19:16:09 -0500
Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:

> Also, could you clarify the security risk of displaying stderr from
> CGI scripts?  I've never heard of a CGI that puts security-critical 
> information on stderr rather than stdout and makes it a risk to
> display to users.

If it's a python script it's probably going to be a traceback.

Also, I don't care about the Perl FAQ :) If you can't figure out how to
read the exact same info out of a logfile, you shouldn't be trying to
debug a CGI script.

-- 
Itamar Shtull-Trauring    http://itamarst.org/
Available for Python & Twisted consulting
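
An added example illustrating the point made in the message above (it is not part of the original thread and is not Twisted's code): a failing Python CGI script writes a traceback to stderr, and the runner sends that traceback and the exit code to the server log while the client gets a fixed error body. The names `run_cgi`, `FAILING_CGI`, `GENERIC_ERROR` and the logger name are assumptions, and the failing script and its secret are constructed sample data.

```python
import logging
import subprocess
import sys

log = logging.getLogger("cgi-runner")  # hypothetical logger name

# Constructed sample: a CGI script that dies with an uncaught exception
# whose message happens to contain a credential.
FAILING_CGI = (
    "db_password = 'constructed-secret'\n"
    "raise RuntimeError('cannot connect with ' + db_password)\n"
)

# Fixed body sent to the client on failure (assumed wording).
GENERIC_ERROR = (
    b"Status: 500 Internal Server Error\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"CGI script error. Details were written to the server log.\r\n"
)


def run_cgi(source, timeout=10):
    """Run a CGI script; return (bytes for the client, stderr text or None)."""
    proc = subprocess.run(
        [sys.executable, "-c", source],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        timeout=timeout,
    )
    stderr_text = proc.stderr.decode("utf-8", "replace")
    if proc.returncode != 0 or stderr_text:
        # The traceback and exit code go to the log only, never to the client.
        log.error("CGI exited with code %d; stderr:\n%s",
                  proc.returncode, stderr_text)
    if proc.returncode != 0:
        return GENERIC_ERROR, stderr_text
    return proc.stdout, stderr_text or None


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    body, logged = run_cgi(FAILING_CGI)
    sys.stdout.write(body.decode("ascii"))
```
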



