On Wed, 14 Mar 2001, you wrote:
> > (What do you mean with "not-inplace cgi"?)
> 
> Some servers (like my own) are configured to allow you to run perl scripts
> anywhere.
> 
> Some servers (especially in the paranoid ISP land) are configured to have
> a /cgi-bin/ where you have to put files in that will be 'executed'.  
> Typically you cannot read from these dirs with a web server (you can only
> execute the program and read their output.)  This is so that if you have
> passwords in your scripts it's very hard for the bad guys to read these 
> files and get the script via the webserver no matter what mistakes you
> make (e.g. if you accidentally leave backup files around.)  The main
> drawback of this is that you can't serve normal files (like images) from
> the same directory.

or if for some reason the ISP edits the httpd.conf and removes execution
from .pl file types // voila! .. your scripts are exposed to the world 
.. it's not such a big deal on paranoid ISP sites as they are usually only
luser scripts doing something tedious .. the consequences on a commercial
site could be very real indeed ... I always have my cgi-bin directory
outside my document root .. makes sense to me.

-- 
Robin Szemeti

The box said "requires windows 95 or better"
So I installed Linux!
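
A check for the exposure discussed in this thread, as an added example that is not part of the original messages: it walks a document root and lists script sources and editor backup copies that the web server would send as plain text whenever no handler executes them. The extension lists, function names and the sample tree are assumptions constructed for the example.

```python
import os
import tempfile

# Assumed extension lists for this example; adjust to the site's own conventions.
SCRIPT_EXTS = {".pl", ".cgi", ".pm", ".py", ".sh", ".php"}
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".old", ".swp", ".save")


def classify(filename):
    """Return 'script', 'backup' or None for one file name."""
    lower = filename.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix):
            stem = lower[: -len(suffix)]
            # form.pl~ or form.pl.bak no longer ends in .pl, so a .pl handler never runs it
            if os.path.splitext(stem)[1] in SCRIPT_EXTS:
                return "backup"
    if os.path.splitext(lower)[1] in SCRIPT_EXTS:
        return "script"
    return None


def audit_docroot(docroot):
    """Walk docroot and return sorted (relative_path, kind) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            kind = classify(name)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append((rel.replace(os.sep, "/"), kind))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout: htdocs is the document root, cgi-bin sits beside it."""
    layout = ["htdocs/index.html", "htdocs/img/logo.gif", "htdocs/form.pl",
              "htdocs/old/form.pl~", "htdocs/old/db.cgi.bak", "cgi-bin/order.pl"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
    return os.path.join(root, "htdocs")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_docroot(build_sample_tree(tmp)))
```

In the sample tree, `cgi-bin/order.pl` is never reported because it sits beside the document root rather than under it.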
