Gilles Detillieux <[EMAIL PROTECTED]> writes:
> Using a symbolic link to htsearch doesn't secure anything because
> the link to the binary won't change the the CONFIG_DIR setting that
> the binary uses, so you're still relying on keeping the config file
> name secret. If you don't want to compile two htsearch binaries with
> different CONFIG_DIR settings, you can use a simple wrapper script for the
> secure htsearch.pr, which sets the CONFIG_DIR environment variable to the
> secure configuration directory. This environment variable overrides the
> compiled-in setting specified by the make-file variable of the same name.
How about modifying htsearch to automatically use CONFIG_DIR based on
the name of the exectued binary?
Then you can make symlinks to htsearch with different names and
web-access/protection, and htsearch will choose the configuration
automatically.
F.ex. the symlink htsearch-internal (pointing to htsearch) can be
protected and accessed as
http://www.example.com/cgi-bin/htsearch-internal, automatically using
htsearch-internal as CONFIG_DIR. Accessing htsearch directly will not
work (unless you have a CONFIG_DIR named htsearch).
~kas
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
