[thelist] cgi security help needed

Maryanna Nesina mar at MN1052.srv.pu.ru
Tue Dec 11 02:06:26 CST 2001


Hi,
in my scripts (commonly Perl, but it doesn't metter) I usially use
directories outside apache root for CGI output
So CGI can use them, but the brousers cannot lounch as they dousn't belong
to web server.
The only thing that is left - any user that has ftp access (not annonimous)
can visit those directories.
As for me, it isn't a problem (only few people have valid shell account on
our server).
Regards,
Best regards,
Maryanna Nesina
mar at mail.bio.pu.ru
http://www.bio.pu.ru/~mar/
==================================================

> Hello,
> I recently purchased a cgi package that does advertising (I know I could
> do this myself in php) The problem being that if I follow their
> instructions it says to chmod all the sub dirs, including the accounts
> dir (holds all user info) 777 - I tried changing the rights but the
> script needs it - I was wondering if there is a way to make it so
> browsers are not allowed to look at the files but the script will still
> work ? I poked around for .htaccess info (I have never used it) but
> could only find info on making users and groups...
>
> any help is appreciated.
>
> Cameron
>
>
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !




More information about the thelist mailing list