<p>Apache yapılandırmasıyla atanan ve kabuğa aktarılan ortam
- değişkenlerinden başka <a href="http://cgi-spec.golux.com/">CGI
+ değişkenlerinden başka <a href="http://www.w3.org/CGI/">CGI
Belirtimi</a>nin gerektirdiği istekler hakkında temel bilgileri
içeren ortam değişkenlerinin CGI betikleri ve SSI sayfalarınca
atanabilmesi sağlanmıştır.</p>
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
-<!-- English Revision: 421100:749395 (outdated) -->
+<!-- English Revision: 421100:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
-<!-- English Revision: 105989:749395 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
programme externe pour permettre à ce dernier de traiter des requêtes.
L'interface a été initialement définie par <a href="http://hoohoo.ncsa.uiuc.edu/cgi/overview.html">NCSA</a> mais il
existe aussi le projet
- <a href="http://cgi-spec.golux.com/">RFC project</a>.<br />
+ <a href="http://www.w3.org/CGI/">RFC project</a>.<br />
Voir : <a href="howto/cgi.html">Contenu dynamique avec CGI</a>
</dd>
<a href="./ko/glossary.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="./tr/glossary.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">This translation may be out of date. Check the
+ English version for recent changes.</div>
<p>この用語集では Apacheに特化した用語と、
ウェブサーバ全般で一般的な用語をいくつか定義しています。
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.de.xsl"?>
-<!-- English Revision: 421100:667834 (outdated) -->
+<!-- English Revision: 421100:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.es.xsl"?>
-<!-- English Revision: 105174:667834 (outdated) -->
+<!-- English Revision: 105174:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
-<!-- English Revision: 667834 -->
+<!-- English Revision: 667834:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
-<!-- English Revision: 105989:667834 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variant>en</variant>
<variant outdated="yes">es</variant>
<variant>fr</variant>
- <variant>ja</variant>
+ <variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
<variant>tr</variant>
</variants>
<a href="../ja/howto/cgi.html" title="Japanese"> ja </a> |
<a href="../ko/howto/cgi.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">This translation may be out of date. Check the
+ English version for recent changes.</div>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#intro">はじめに</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#configuring">CGI を許可するように Apache を設定する</a></li>
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 421100 -->
+<!-- English Revision: 421100:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version='1.0' encoding='EUC-KR' ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:421100 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>ja</variant>
+ <variant outdated="yes">ja</variant>
<variant outdated="yes">ko</variant>
</variants>
</metafile>
değeri <code>5</code> saniye olup bu etkiyi en aza indirmeye yönelik
süredir. Burada ağ band genişliği ile sunucu kaynaklarının kullanımı
arasında bir seçim yapmak söz konusudur. Hiçbir şey umurunuzda
- değilse <a href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html">
+ değilse <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html">
çoğu ayrıcalığın yitirilmesi pahasına</a> bu değeri rahatça
<code>60</code> saniyenin üzerine çıkarabilirsiniz.</p>
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:740030 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 122770:755338 (outdated) -->
+<!-- English Revision: 122770:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
bir betik yazıp B’nin CGI veritabanını silebilir. Bu gibi durumların
ortaya çıkmaması için betiklerin farklı kullanıcıların aidiyetlerinde
çalışmasını sağlayan ve 1.2 sürümünden beri Apache ile dağıtılan <a href="../suexec.html">suEXEC</a> diye bir program vardır. Başka bir yol
- da <a href="http://cgiwrap.unixtools.org/">CGIWrap</a> kullanmaktır.</p>
+ da <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a> kullanmaktır.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:686269 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<li><img alt="" src="../images/down.gif" /> <a href="#pooling">Connection Pooling</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#API">Apache DBD API</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#prepared">SQL Prepared Statements</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">SECURITY WARNING</a></li>
</ul><h3>See also</h3>
<ul class="seealso">
<li><a href="../misc/password_encryptions.html">Password Formats</a></li>
<p>It is up to dbd user modules to use the prepared statements
and document what statements can be specified in httpd.conf,
or to provide their own directives and use <code>ap_dbd_prepare</code>.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="security" id="security">SECURITY WARNING</a></h2>
+
+ <p>Any web/database application needs to secure itself against SQL
+ injection attacks. In most cases, Apache DBD is safe, because
+ applications use prepared statements, and untrusted inputs are
+ only ever used as data. Of course, if you use it via third-party
+ modules, you should ascertain what precautions they may require.</p>
+ <p>However, the <var>FreeTDS</var> driver is inherently
+ <strong>unsafe</strong>. The underlying library doesn't support
+ prepared statements, so the driver emulates them, and the
+ untrusted input is merged into the SQL statement.</p>
+ <p>It can be made safe by <em>untainting</em> all inputs:
+ a process inspired by Perl's taint checking. Each input
+ is matched against a regexp, and only the match is used,
+ according to the Perl idiom:</p>
+ <div class="example"><pre><code> $untrusted =~ /([a-z]+)/;
+ $trusted = $1;</code></pre></div>
+ <p>To use this, the untainting regexps must be included in the
+ prepared statements configured. The regexp follows immediately
+ after the % in the prepared statement, and is enclosed in
+ curly brackets {}. For example, if your application expects
+ alphanumeric input, you can use:</p>
+ <div class="example"><p><code>
+ <code>"SELECT foo FROM bar WHERE input = %s"</code>
+ </code></p></div>
+ <p>with other drivers, and suffer nothing worse than a failed query.
+ But with FreeTDS you'd need:</p>
+ <div class="example"><p><code>
+ <code>"SELECT foo FROM bar WHERE input = %{([A-Za-z0-9]+)}s"</code>
+ </code></p></div>
+ <p>Now anything that doesn't match the regexp's $1 match is
+ discarded, so the statement is safe.</p>
+ <p>An alternative to this may be the third-party ODBC driver,
+ which offers the security of genuine prepared statements.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DBDExptime" id="DBDExptime">DBDExptime</a> <a name="dbdexptime" id="dbdexptime">Directive</a></h2>
password, database name, hostname and port number for connection.</p>
<p>Connection string parameters for current drivers include:</p>
<dl>
+ <dt>FreeTDS (for MSSQL and SyBase - see SECURITY note)</dt>
+ <dd>username, password, appname, dbname, host, charset, lang, server</dd>
<dt>MySQL</dt>
- <dd>host, port, user, pass, dbname, sock</dd>
+ <dd>host, port, user, pass, dbname, sock, flags, fldsz, group, reconnect</dd>
+ <dt>ODBC</dt>
+ <dd>datasource, user, password, connect, ctimeout, stimeout, access, txmode, bufsize</dd>
<dt>Oracle</dt>
<dd>user, pass, dbname, server</dd>
<dt>PostgreSQL</dt>
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 421100:746542 (outdated) -->
+<!-- English Revision: 421100:805763 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:746542 (outdated) -->
+<!-- English Revision: 151408:805763 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 421100:655823 (outdated) -->
+<!-- English Revision: 421100:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 125277:655823 (outdated) -->
+<!-- English Revision: 125277:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<p>will cause a local request for
<code>http://example.com/foo/bar.gif</code> to be internally converted
into a proxy request to <code>http://backend.example.com/foo/bar.gif</code>.</p>
+ <div class="note"><h3>Note</h3>
+ <p>The URL argument must be parsable as a URL <em>before</em> regexp
+ substitutions (as well as after). This limits the matches you can use.
+ For instance, if we had used</p>
+ <div class="example"><p><code>
+ ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com:8000$1
+ </code></p></div>
+ <p>in our previous example, it would fail with a syntax error
+ at server startup. This is a bug (PR 46665 in the ASF bugzilla),
+ and the workaround is to reformulate the match:</p>
+ <div class="example"><p><code>
+ ProxyPassMatch ^/(.*\.gif)$ http://backend.example.com:8000/$1
+ </code></p></div>
+ </div>
<p>The <code>!</code> directive is useful in situations where you don't want
to reverse-proxy a subdirectory.</p>
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 421100:782385 (outdated) -->
+<!-- English Revision: 421100:808499 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:421100 (outdated) -->
+<!-- English Revision: 151408:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<p><span>°¡´ÉÇÑ ¾ð¾î: </span><a href="../en/platform/perf-hp.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../ko/platform/perf-hp.html" title="Korean"> ko </a></p>
</div>
+<div class="outofdate">ÀÌ ¹®¼´Â ÃÖ½ÅÆÇ ¹ø¿ªÀÌ ¾Æ´Õ´Ï´Ù.
+ ÃÖ±Ù¿¡ º¯°æµÈ ³»¿ëÀº ¿µ¾î ¹®¼¸¦ Âü°íÇϼ¼¿ä.</div>
<pre>
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 421100 -->
+<!-- English Revision: 421100:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
<variants>
<variant>en</variant>
- <variant>ko</variant>
+ <variant outdated="yes">ko</variant>
</variants>
</metafile>
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:799068 (outdated) -->
+<!-- English Revision: 105989:805050 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
should use. This is the maximum number of connections the server
can handle at once, so be sure to set this number high enough for
your site if you get a lot of hits. The recommended default is
- <code>ThreadsPerChild 150</code>, but this mut be adjusted to
+ <code>ThreadsPerChild 150</code>, but this must be adjusted to
reflect the greatest anticipated number of simultanious
connections to accept.</p></li>
may interpret backslashes as an "escape character" sequence, you
should consistently use forward slashes in path names, not
backslashes. Drive letters can be used; if omitted, the drive
- of the SystemRoot direcive (or -d command line option) becomes
+ of the SystemRoot directive (or -d command line option) becomes
the default.</p></li>
<li><p>While filenames are generally case-insensitive on
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:799068 (outdated) -->
+<!-- English Revision: 105989:808825 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
projects / thirdparty / apache / httpd.git / commitdiff
