[thelist] Web server settings question

Jay Blanchard jay.blanchard at niicommunications.com
Thu Feb 10 14:11:59 CST 2005


[snip]
   I just modified my contact email script ([1], but I haven't posted
the new version there yet, maybe tomorrow) for a friend, to write values
out to a CSV data file as well as sending the email containing them. The
CSV file is written to the /cgi-bin directory, same place as the script
resides. A big problem, which I hadn't anticipated, is that in his
domain, I (and anyone else) can type the full URL to the data file (such
as http://www.thedomainname.com/cgi-bin/contacts.csv) directly into the
address box, and it will send the whole file to the client! I didn't
expect this, and the domains that I have don't allow this. (I copied the
file to them, and typed the address, and got an Internal Server Error.
[/snip]

Use the .htaccess file to restrict access in the directories.
http://httpd.apache.org/docs/howto/auth.html


More information about the thelist mailing list