[thelist] Web server settings question

Jay Blanchard jay.blanchard at niicommunications.com
Thu Feb 10 14:11:59 CST 2005

   I just modified my contact email script ([1], but I haven't posted
the new version there yet, maybe tomorrow) for a friend, to write values
out to a CSV data file as well as sending the email containing them. The
CSV file is written to the /cgi-bin directory, same place as the script
resides. A big problem, which I hadn't anticipated, is that in his
domain, I (and anyone else) can type the full URL to the data file (such
as http://www.thedomainname.com/cgi-bin/contacts.csv) directly into the
address box, and it will send the whole file to the client! I didn't
expect this, and the domains that I have don't allow this. (I copied the
file to them, and typed the address, and got an Internal Server Error.

Use the .htaccess file to restrict access in the directories.

More information about the thelist mailing list