Jeff Longland wrote: >I'm currently using Analog 3.92beta on a Windows NT IIS 4.0 remotely >hosted server. I have no access to a commandline, so all of my work >must be done through FTP. After a very thorough discussion about the >safety of placing analog.exe in one's cgi-bin, I've decided to give >Jeremy's NT version of the form a try. I installed the executable into >my cgi-bin but was unable to use it until I placed analog.exe, its >configuration/language files in the cgi-bin. I can now goto >http://my.server.com/cgi-bin/anlgform.exe and get my stats outputted >nicely to my screen. I'm sure this still poses a security risk, or >does it? Yes, it does. >Can someone give me explicit instructions on how to clear up these >potential security issues? Your CGI directory is, for example, C:\InetPub\cgi-bin. Anlgform.(exe|pl) needs to be there. (Add a new Virtual Directory in MMC, and make sure it has Execute permissions, point it at C:\InetPub\cgi-bin) Your form and your images also need to be in a Web directory, so they might be in C:\InetPub\WWWRoot\Analog, for example. Analog itself might be in C:\Program Files\Analog. There's no way to launch Analog itself directly from the web, as there would be if it is in your cgi-bin directory. You form needs to specify a CFG file, and the CFG file needs to sepcify an IMAGEDIR (/Analog/images, for example) and a LANGFILE. LOGFILE can be specified in the form, or in CFG file. >Jeff Longland Aengus ------------------------------------------------------------------------ This is the analog-help mailing list. To unsubscribe from this mailing list, send mail to [EMAIL PROTECTED] with "unsubscribe analog-help" in the main BODY OF THE MESSAGE. List archived at http://www.mail-archive.com/[email protected]/ ------------------------------------------------------------------------
