[mapserver-dev] [gdal-dev] New env. var. to make it easier to test/debug web services
dmorissette at mapgears.com
Thu Oct 2 13:34:52 PDT 2014
On 14-10-02 4:25 PM, Even Rouault wrote:
> I didn't change this. They are currently enabled conditionaly. I'm not sure
> why. Perhaps for security reasons, since they imply reading a file (-t),
> overriding the temporary directory (-tmpbase), creating a file (MS_ERRORFILE) ?
> /* Keep only "-v", "-nh" and "QUERY_STRING=..." enabled by default.
> * The others will require an explicit -DMS_ENABLE_CGI_CL_DEBUG_ARGS
> * at compile time.
Yes, that was for security reasons. I forget the exact details, but that
was done when we discovered that one of the command-line args could
potentially be remotely exploited via CGI:
T: +1 418-696-5056 #201
Provider of Professional MapServer Support since 2000
More information about the mapserver-dev