Hi folks, You probably remember my posts from last week about the problems I was facing while trying to install Rev cgi on a Linux server.
I'm happy to say that these problems have been solved, and I thought some of you could be interested in knowing what was wrong. Actually the main reason why Rev cgi wasn't running properly (not running at all in fact) was because the server configuration had been carefully set to prevent any executable to launch from the cgi-bin folder. The local Linux expert who halped me on this issue told me that a few rules should be followed, for instance : - it looks like a BAD IDEA to install the cgi engine and the scripts in the same folder (it might open a serious SECURITY HOLE in Apache), and any well-configured server doesn't allow that; - it is a good idea to set privileges of the scripts files (and of the directories in which they are installed) so that only the cgi engine (that is supposed to run them) can run them; - if your cgi scripts are supposed to create / delete folders & files, it is a good idea to allow these operations in a special directory, and to set privileges so that only your engine and your scripts could do it. We actually spent a couple of hours setting and testing everything, and now everything runs fine. I don't think I'm overreacting on this topic (although I don't want to scare anyone) but I have the strong feeling that if you want to use Rev cgi for some serious / professional project (and not only some home experiments), you should be wise to take all these security issues into consideration, and ask for advice from a Linux specialist. For that reason, I think that the installation part of the cgi tutorial should be re-written, and should include more detailed advices about the installation procedure. Best, JB _______________________________________________ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
