At 11:03 AM -0800 3/1/01, Rob Bloodgood wrote:
>I've been using HTML::Mason under mod_perl on my site for awhile, using
>0.89, and I like it lots. :-) So when the new 1.0 came out, I went to go
>upgrade, and broke EVERYTHING.
>
>Not only that, but, I haven't been able to make sense out of what Mason
>wants for its dir heirarchy, anyway:
>First, comp_root (apparently) needs to be the same as DocumentRoot, which
>seems horribly insecure... if I could find another way to do it, I would,
>but for now, knowing the path my components run under makes them viewable
>_AS SOURCE_ by anyone who knows the url.
Well, the only reason a component should be visible as source is if
Mason isn't working, right? So saying that it's horribly insecure is
the same as saying that it's not working right?
Here's what I use in my httpd.conf to get get Mason to handle all
files with .md extensions (Mason documents). These are the top level
components that return an entire page. The .mc files are other
components which in the comp_root and thus available be called by
other Mason components, but cannot be requested directly via a URL.
This seems secure to me and it's been working just fine from 0.7 or
so up through 1.0.
AddType text/html .md
<FilesMatch ".*\.md$">
SetHandler perl-script
PerlHandler HTML::Mason
Options Indexes FollowSymLinks ExecCGI
</FilesMatch>
<FilesMatch ".*\.mc$">
Order allow,deny
Deny from all
</FilesMatch>
>and in the same vein, the *ONLY* way I could get it to run was to put it's
>data_dir under DocumentRoot as well. ????????
Is it a file permissions problem? If you're running your webserver as
user 'nobody', nobody has to have write access to the data_dir. You
definitely don't want to have your data_dir under your DocumentRoot.
Ray
