[Twisted-Python] Re: [Twisted-commits] log stderr and non-zero exit code in CGIs, don't show info to users as it is a security risk (closes issue #241)

Itamar Shtull-Trauring itamar at itamarst.org
Thu Aug 28 20:50:05 EDT 2003

On Thu, 28 Aug 2003 19:16:09 -0500
Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:

> Also, could you clarify the security risk of displaying stderr from
> CGI scripts?  I've never heard of a CGI that puts security-critical 
> information on stderr rather than stdout and makes it a risk to
> display to users.

If it's a python script it's probably going to be a traceback.

Also, I don't care about the Perl FAQ :) If you can't figure out how to
read the exact same info out of a logfile, you shouldn't be trying to
debug a CGI script.

Itamar Shtull-Trauring    http://itamarst.org/
Available for Python & Twisted consulting

More information about the Twisted-Python mailing list