undefined | Better HN

0 pointscenamus8mo ago0 comments

I agree, but if you're doing fastcgi, you might as well do http directly, with a relay in front of it (load balancing, tls termination, whatever).

0 comments

immibis8mo ago

CGI-based protocols transfer a bunch of metadata from the front end - such as the client IP address - without any injection or double-parsing vulnerabilities. Using HTTP twice means having more code and a greater security risk.

By the way if you're using nginx, then instead of FastCGI you might prefer SCGI, which does one connection per request and no multiplexing, so it's much simpler.

petee8mo ago

I always wished that FastCGI's Filter & Authorizer roles became popular, it's a nice separation of duties

j / k navigate · click thread line to collapse

0 pointscenamus8mo ago0 comments

I agree, but if you're doing fastcgi, you might as well do http directly, with a relay in front of it (load balancing, tls termination, whatever).

0 comments

immibis8mo ago

By the way if you're using nginx, then instead of FastCGI you might prefer SCGI, which does one connection per request and no multiplexing, so it's much simpler.

petee8mo ago

I always wished that FastCGI's Filter & Authorizer roles became popular, it's a nice separation of duties

j / k navigate · click thread line to collapse