Consider using PerlOptions +Parent in Apache configs

RotherOSS / otobo

OTOBO is one of the most flexible web-based ticketing systems used for Customer Service, Help Desk, IT Service Management. https://otobo.io/

GNU General Public License v3.0

242 stars 73 forks source link

Consider using PerlOptions +Parent in Apache configs #310

Closed wollmers closed 3 years ago

wollmers commented 3 years ago

To avoid funny and hard to diagnose problems, it's a more secure way to use

PerlOptions +Parent

in Apache in combination with mod_perl2, especially if more than one vhost uses Perl.

See https://perl.apache.org/docs/2.0/user/config/config.html#toc_C_Parent_ or the sample configuration for Mojolious un der Apache/mod_perl (PSGI/Plack) https://github.com/mojolicious/mojo/wiki/Apache-deployment#apachemod_perl-psgiplack.

bschmalhofer commented 3 years ago

Thanks @wollmers. I have simply added the option to the sample configs without any testing. The plan is to reorganize these configs and during that process I'll test the individual configs. See #132 Closing this issue.