We were asked to make available over the web certain applications which were not designed for use in a "hostile environment", yet required access to a sensitive database. It also had to be possible for relatively inexperienced programmers to put those applications on the web. To do so without appreciably diminishing the security of the database, or that of the web server (Apache in a chroot), we poked a tiny hole through the wall of the "chroot prison" to implement a highly controlled channel of communication between CGI programs in the chroot and fragile applications running on the system. Hole-in-the-chroot version 1 has been operational since mid-1999.