On 29 Oct 2000, Knut A. Syed wrote:
+ How about modifying htsearch to automatically use CONFIG_DIR based on
+ the name of the exectued binary?
This is, in effect, what I already do. I don't have htsearch in the
cgi-bin directory, just several perl wrapper scripts (the one named
htsearch is a
According to Knut A. Syed:
Gilles Detillieux [EMAIL PROTECTED] writes:
Using a symbolic link to htsearch doesn't secure anything because
the link to the binary won't change the the CONFIG_DIR setting that
the binary uses, so you're still relying on keeping the config file
name secret.
According to Stephane Bortzmeyer:
On Wednesday 25 October 2000, at 11 h 12, the keyboard of Geoff Hutchison
[EMAIL PROTECTED] wrote:
As I understand it, there is no real security here: anyone can setup a
form in a Web page which will call htsearch (not htsearch.pr) and this
htsearch
I have what I believe is a common problem, but for which I find nothing in the
FAQ http://www.htdig.org/FAQ.html. I have public and private (protected by
Apache's allow/deny) pages. I would like to index the private pages but
without letting ht://Dig reveal them to the outside. The solutions
At 10:57 AM +0200 10/25/00, Stephane Bortzmeyer wrote:
- make two databases, but I don't really see what can prevent the user to use
the private one (I have to authorize /cgi-bin/htsearch for everybody). Yes, I
can make two Web pages with different config (and authorize only one from
outside) but
On Wednesday 25 October 2000, at 7 h 38, the keyboard of Geoff Hutchison
[EMAIL PROTECTED] wrote:
You can make a symbolic link and secure one of the URLs, e.g.:
ln -s htsearch htsearch.pr
and then in your server config:
Location /cgi-bin/htsearch.pr
AuthType Basic
As I understand it,
On Wednesday 25 October 2000, at 11 h 12, the keyboard of Geoff Hutchison
[EMAIL PROTECTED] wrote:
As I understand it, there is no real security here: anyone can setup a
form in a Web page which will call htsearch (not htsearch.pr) and this
htsearch will be able to read the configuration
