Why not pass back the session key and forget the ../tmp portion of the
URL?
You can then strip off the session id key and your programs would use
this internally?
Jon Brisbin wrote:
>
> Follow-up to this...I forgot that my webserver already disallows viewing of
> Indexes in cgi-bin, so that's good, and if you try to pull it up through
> "/cgi-bin/tmp/23k4j2l3k4j23" it would give you a 500, so that's pretty
> secure, right??
>
> jb
>
> ----- Original Message -----
> From: Jon Brisbin <[EMAIL PROTECTED]>
> To: Erich L. Markert <[EMAIL PROTECTED]>; ___cliff rayman___
> <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 01, 2000 10:27 AM
> Subject: Re: persistent problem: FIXED...well sorta
>
> > > > OR if you just want to use a temp storage area then:
> > > >
> > > > BEGIN {
> > > > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > > > $ENV{EMBPERL_SESSION_ARGS} = "Directory=/tmp/sessions";
> > > > }
> >
> > I got this to work :-) Which makes me happy...but one other question
> before
> > I try it (not really Embperl related, but thought y'all would know :-):
> >
> > Can I put a <Files> directive in my httpd.conf to disallow viewing of that
> > directory without affecting the script's execution?? It shouldn't be a
> > problem, right??
> >
> > thanks!
> >
> > jb
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
--
__________________________________________________________
Mr. Erich L. Markert [EMAIL PROTECTED]
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932
Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
