At Wed, 14 Mar 2001 11:28:19 +0000 (GMT), Mark Fowler <[EMAIL PROTECTED]> wrote:
> > (What do you mean with "not-inplace cgi"?)
>
> Some servers (like my own) are configured to allow you to run perl
> scripts anywhere.
We _like_ servers configured like this. Especially if they've got some
kind of file upload facility installed. We can run any code we like on
them :)
> Some servers (especially in the paranoid ISP land) are configured to
> have a /cgi-bin/ where you have to put files in that will be
> 'executed'. Typically you cannot read from these dirs with a web
> server (you can only execute the program and read their output.)
> This is so that if you have passwords in your scripts it's very hard
> for the bad guys to read these files and get the script via the
> webserver no matter what mistakes you make (e.g. if you accidentally
> leave backup files around.) The main drawback of this is that you
> can't serve normal files (like images) from the same directory.
These servers, OTOH, are far less fun. Typically the web user has no
write access to the cgi-bin directory so you can't upload your own
scripts there using HTTP.
> I call the first 'in place cgi' and the latter 'cgi-bin'
I call the first 'a security nightmare' and the latter 'much safer'.
> Hope that's clear.
Very much :)
Dave...
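
The two layouts discussed in this thread, sketched as an added example that is not part of the original messages. It assumes Apache httpd 2.4 syntax (the thread names no server), and every path is a placeholder.

```apache
# Constructed example. Paths are placeholders; use ONE of the two layouts.

# ---- Layout A: "in place" CGI (the risky one) ------------------------------
# Any .pl/.cgi file anywhere under the document root is executed on request,
# including files that land in a web-writable upload directory.
<Directory "/var/www/html">
    Options +ExecCGI
    AddHandler cgi-script .cgi .pl
    Require all granted
</Directory>

# ---- Layout B: dedicated cgi-bin (the safer one) ---------------------------
# Scripts live outside the document root. ScriptAlias makes every file in the
# target directory a CGI program, so a request returns program output and
# never the script source (or a stray backup copy of it).
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    Options None
    AllowOverride None
    Require all granted
</Directory>
# Filesystem side (assumption): /var/www/cgi-bin is owned by root and is not
# writable by the account the web server runs as.

# The document root serves static files only.
<Directory "/var/www/html">
    Options -ExecCGI
    AllowOverride None
    Require all granted
</Directory>

# Upload target: writable by the web user, so nothing in it may ever execute.
<Directory "/var/www/html/uploads">
    Options -ExecCGI
    RemoveHandler .cgi .pl
    AllowOverride None
</Directory>
```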