According to Knut A. Syed:
> Gilles Detillieux <[EMAIL PROTECTED]> writes:
> > Using a symbolic link to htsearch doesn't secure anything because
> > the link to the binary won't change the the CONFIG_DIR setting that
> > the binary uses, so you're still relying on keeping the config file
> > name secret. If you don't want to compile two htsearch binaries with
> > different CONFIG_DIR settings, you can use a simple wrapper script for the
> > secure htsearch.pr, which sets the CONFIG_DIR environment variable to the
> > secure configuration directory. This environment variable overrides the
> > compiled-in setting specified by the make-file variable of the same name.
>
> How about modifying htsearch to automatically use CONFIG_DIR based on
> the name of the exectued binary?
>
> Then you can make symlinks to htsearch with different names and
> web-access/protection, and htsearch will choose the configuration
> automatically.
>
> F.ex. the symlink htsearch-internal (pointing to htsearch) can be
> protected and accessed as
> http://www.example.com/cgi-bin/htsearch-internal, automatically using
> htsearch-internal as CONFIG_DIR. Accessing htsearch directly will not
> work (unless you have a CONFIG_DIR named htsearch).
While your suggestion has merit, and would be quite easy to implement,
I don't think it would be a good idea to make it a standard part of the
distribution. You touched on the reason for this in your last sentence.
This scheme would introduce restrictions on the CONFIG_DIR name that
are not part of the current set of defaults, so it would likely break
a large number of installed sites.
However, if you need this feature on your own site, it's really simple
to add. Just find the following line in htsearch/htsearch.cc:
configFile = CONFIG_DIR;
and add this after it:
configDir = strrchr(av[0], '/');
if (configDir)
configFile << configDir;
This will append the program name to the compiled-in CONFIG_DIR value,
as a subdirectory of it.
--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
