www/fcgiwrap patch (more about CGI)

Jean Louis bugs at gnu.support
Sun Nov 8 13:10:16 PST 2020


* Jávorszky Balázs <javorszky.balazs at gmail.com> [2020-11-08 23:53]:
> Hi,
> 
> I have to use www/fcgiwrap with nginx (pls don't ask why :) I would avoid
> CGI if I could). The /usr/local/etc/rc.d/fcgiwrap file has minor issues.
> Interesting but this doesn't affect the identical FreeBSD version, I've
> tried that too.

Not related to the patch: I am using CGI for more than 20 years
without problem. None server was ever cracked into by using CGI (more
by accident). By the rule, servers were cracked when hosting was
provided for PHP applications, I have found backdoor shells, spamming,
and what what.

That CGI creates a new process on each request (maybe fcgiwrap not) is
common and does not really matter especially if your program is not
bloated. I am receiving orders, so they do not come thousand times in
one second so it does not matter.

CGI is not automatically vulnerable how some people spread fears,
uncertainties and doubts about it. Any application on web could be
vulnerable and that depends of programmers. CGI is not slow and it is
as slow or as fast as the computer. It is of course better when
running it as single process. There are many frameworks for CGI,
notable ones are in Perl and CGI can scale quite well. I may rely next
20-50 years on CGI as well.

Jean


More information about the Users mailing list