A Proposed Solution
When I read the book, I found this story an interesting insight. However, the flip side is that Barnett's remedies are almost as scary as the original problem, albeit for rather different reasons. He advocates running 'sed' with mod_ext_filter to strip information that shouldn't be revealed:
ExtFilterDefine strip_comments remove_comments mode=output \
intype=text/html cmd="/bin/sed s/\<\!--.*--\>//g"
<LocationMatch /cgi-bin/wm*>
SetOutputFilter remove_comments
</LocationMatch>
That works as an immediate firefighting exercise, but beyond that it's a terrible solution to the problem:
- It's a huge performance hit. By the end of the chapter, he's applied three such filters. If you apply that to static documents, it could eat up more than 99% of the total memory and CPU used by Apache per request. That'll be further amplified by its adverse effect on caching.
- He's overlooked regexp greediness. That will cause his regexp to eat up more than is intended.
- Using line-oriented patterns means that information split over multiple lines will be missed, so the solution doesn't usefully generalise.
