HTTP Authorization Patch

Poul-Henning Kamp phk at
Fri Feb 23 10:44:14 CET 2007

In message <02769D74-A35A-4BD5-82D4-5280E2D1EAD9 at>, =?ISO-8859-1?
Q?Ask_Bj=F8rn_Hansen?= writes:
>On Feb 22, 2007, at 12:14 AM, Poul-Henning Kamp wrote:
>> The concept is that hat arbitrary C-code can be inserted into VCL
>> programs, possibly something like:
>I can't decide if I want to say "neat" or "avoid avoid avoid!".

Right, that's why I didn't even mention it, until somebody else
brought forth a need for it.

The article I refered to is worth a read as background reading
at this point:

>I understand that you don't want to embed a better memory managed  
>(etc) language, but if you go the "C in the config file" route at the  
>very least we'll need some tools to test the configuration file (say  
>throw random data at it to test for basic buffer overflows etc).

>From a philosophical point of view, if you use the C{ }C escape mechanism,
you get what you ask for, so don't expect me to spend a lot of time
trying to protect you from yourself, that would defeat the purpose.

>From a more practical point of view, writing a stress-tester for
unspecified C-code is not tricky, it is virtually impossible.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list