[FASTCGI] FastCGI with Oracle
charles_thomas at mac.com
Mon Dec 7 13:24:33 EST 2009
I am trying to remember where I read this in the fastcgi/fastcgx
documentation -- but somewhere they recommend not using setenv within
the accept loop. Perhaps each iteration of FCGII_Accept/FCGIX_Accept
it clears and resets?
It's a real security risk (IMHO).... an old hacker trick is to modify
the path (for example) to point to your own version of a sh (sushi,
I've only used mod_fcgid -- with AddHandler -- and its (still)
On Dec 7, 2009, at 11:47 AM, Rob Lemley wrote:
> Darren Garvey wrote:
>> 2009/12/4 A. M. ArunKumar <arun at eagle-india.com>
>> The solution which you gave has helped me. But its not after
>> accept its before that. we need to set it back in the C++
>> program. I used the setenv function in c++ and now its connecting
>> to oracle.
>> Is this how it is supposed to happen? I don't see why the FastCGI
>> library should clear environment variables for the whole
> We really can't tell what is happening because we need to know more
> about how A.M. ArunKumar is starting the fastcgi server app. I
> think he's using the apache mod_fastcgi but we don't know if it's
> external FastCGI, internal FastCGI, or FastCGI started through the
> apache ExecCGI system.
> I know from experience that the mod_fastcgi FastCgiServer directive
> (ie "internal" fastcgi server) with the "-initial-env name=[value]"
> option passes the values into the specified application which is
> started by the mod_fastcgi process manager.
> So from that, I assume that ArunKumar is NOT running an "internal"
> fastcgi server via the FastCgiServer directive.
> ArunKumar, can you give us more details about how you're
> initializing/executing/starting your FastCGI server C++ app?
> If you're running it as a "FastCgiExternalServer" and starting via
> some other means (such as init scripts, daemontools, or the windows
> service manager), then it's true, the environment variables will
> not be passed through the FastCGI connection to the external
> fastcgi server app. The only thing I know of like this is the
> FastCgiExternalServer "-pass-header" option, which I'm thinking
> would pass the headers only upon receipt of a request from the client.
> I haven't worked with the apache "SetHandler" and "AddHandler"
> directives to know how environment variables work with those.
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FastCGI-developers