Ticket #3485 (closed defect: fixed)
Disable insecure mapserv CGI command-line debug args
|Reported by:||dmorissette||Owned by:||dmorissette|
|Component:||MapServer C Library||Version:||5.6|
As part of a security audit of MapServer 5.6 it was found that some of the mapserv CGI command-line debug arguments constitute a security risk that could potentially be exploited.
I will not disclose any of the details here, but we should take actions to avoid command-line args in CGI programs.
This will not affect functionality for regular mapserv CGI users... only for developers that used those command-line args to debug and test the software.