The default equivalent of cgi-bin in IIS4 and IIS5 is the "Scripts" virtual directory which is directly under you Inetpub directory. CGI's execute as user IUSR_SERVERNAME so really the security is based on the rights of that user which is minimal by default. Take a look at the CGI module docs to read up on some other security issues you might want to address like disabling uploads etc...
Hope this helps. Kind regards, Trevor J. Joerges -------------------------------------------- $_=q;rrUSFWPSZK.ZKPFSHFT,rkvtuZbopuifsZQZibdl rrqpxfsfeZcyZQ,,riuuq://xxx.%.dpn,ru~@%.dpn ,rrr8-) ;;s;\~;kpfshft;g;s;\%;tfoenjnf;g;y;B-x;A-w;; s;P;perl;g;s;,;\n;g;s;Y; ;g;s;q;\t;g;print; -------------------------------------------- ----- Original Message ----- From: "Neil Perl" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, June 08, 2002 9:15 AM Subject: Most secure place for CGI scripts | Can anybody offer some advice on where it it best to place a CGI script on a | Win32 web server, in order to prevent hacking? | | Is it safe to create a cgi-bin directory underneath the root of the | directory tree for a particular web site (not the root directory of the | server itself) or is it best to place it well away from here? | | Any advice on this, and other related general security issues will be | gratefully received. | | Thanks | N | | _________________________________________________________________ | MSN Photos is the easiest way to share and print your photos: | http://photos.msn.com/support/worldwide.aspx | | _______________________________________________ | Perl-Win32-Admin mailing list | [EMAIL PROTECTED] | To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs | _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
