As far as I remember it, env.pl is a standard sample script dating back to the old httpd server that could be placed in the cgi-bin directory for testing purposes. By calling it, someone can find out many interesting things about the way your server is set up, things about which you would prefer to leave the public in ignorance. That it's still there in a public site's cgi-bin directory is a big mistake.
I dunno, on the scale of security concerns, that seems to rank somewhere between "obsessive-compulsive" and "pointless paranoia". So I still DONUT GEDDIT.
It's information that has no business being public. And network security should definitely have a fair amount of obsessive-compulsiveness and paranoia.
Maybe, but the only information I see in there that isn't already publicly available are a couple of internal paths, and maybe the server IP, depending on whether that is publicly visible already or not. If an attacker gets to the point where he has any use for knowing the internal paths, you're most likely screwed either way. I really don't see the big deal. I mean, the server is already running PHP. It's not exactly a tight ship.
Date: 2006-10-23 04:20 pm (UTC)
Freak.
Date: 2006-10-23 06:07 pm (UTC)
As to why, it adds an element of randomness to my already shuffled playlist.