[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [PATCH 2/4] httpd: Don't add Date header to response
From: Bernd Petrovitsch <bernd () petrovitsch ! priv ! at>
Date: 2020-08-31 19:50:29
Message-ID: 7b7b06211215d9c9ac72741cc346bd5f77db1374.camel () petrovitsch ! priv ! at
[Download RAW message or body]
Hi all!
On Mon, 2020-08-31 at 18:20 +0300, Sergey Ponomarev wrote:
[...]
> I checked all links and it looks like few years ago there was some breach
> in NTP daemons so some ISP disabled it.
Hmm, if ISPs would disable complete services (and nowadays
IMHO essential) if there is "some breach in it", that would
be "interesting" ....
> It looks like almost everyone just called 1.1.1.1 or google.com. So it not
> necessary should be a router or embedded device.
For SO and similar, I probably would use that too.
For a serious, professional implementation, all of them are
total no-gos:
- it requires a (DNS) "connection" to the Internet. Not all have
(or want ) that - especially in the embedded world.
- and Google or whoever gets something to know which is none of
there business (from the clients side;-).
- the latency and Internet-bandwidth waste is in ANYCAST times
probably not the real big problem ....
> Given how small is amount of such users and only part of them probably may
> not have an Internet access and even server access I think we are safe here.
- and last but not least: better you use a web server you really
trust for that info.
> > fork+exec is pretty heavy
>
> Yes but such calls are not expected to be so intensive: maybe just once per
> day per client.
For "once per day" it doesn't matter (probably;-).
Chances are (and my professional experience supports that) that
lots (if not all) of the other shell scripts - especially
CGI-scripts - look quite similar[0][1].
In the real world I would have a comment at the top of "run
once a day script" like "this is run once a day - don't care
about performance" or similar.
> BTW the more real problem is with httpd_indexcgi.c which provides directory
> listing as a CGI script. All other web servers have a built-in listing.
Yes, but have have to activate it or can deactivate it. IMHO
it's more convenience than anything else ...
> Speaking about that Date is required by RFC: I sent an email to HTTP WG
> https://lists.w3.org/Archives/Public/ietf-http-wg/2020JulSep/0142.html
>
> Anyway, the Date header is still compiled by default but those who don't
> need it may disable it.
Thanks for checking that out!
[ X ] Like!
Having an option too easily get it out is double-plus-good!
MfG,
Bernd
[0]: Don't get me wrong - I started the same in "shell
scripting" with grep/sort/cut/join/... on real PCs.
But after years on 25MHz PPC (or similar) CPUs (year
2000+ and later), it's pretty different ....
[1]: And some old-school web interface with 3 frames and
all of them start some CGI script ....
--
Bernd Petrovitsch Email : bernd@petrovitsch.priv.at
There is no cloud, just other people computers. - FSFE
LUGA : http://www.luga.at
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic