Re: [cgiwrap-users] are cgi-bin subdirs okay?
Brought to you by:
nneul
Menu
▾
▴
Re: [cgiwrap-users] are cgi-bin subdirs okay?
|
From: Joe H. <on...@dc...> - 2001-11-27 14:07:51
|
On Mon, 26 Nov 2001, Ian 'Ivo' Veach wrote: > We have users who want to organize their "many" cgi into subdirectories > under their personal cgi-bin/ directory. At a glance, this seems like a > bad idea [one I'm not thrilled about anyway]. However, given our user > requests and since cgiwrap can check for symlinks and ../, is allowing > users the capability to store subdir cgi a bad thing? Are there other > issues at hand? Can someone give a practical counter example? The only issue that I can think of occurs when your cgi-bin directory is a subdirectory to your public_html directory (which unfortunately is the default). On servers like that, I'll touch index.html in their directory, so that the server won't give a listing of their files. With multiple directories, you'd want to do this for every directory. Unfortunately, this is only fixing one symptom of a larger problem -- anyone can still read your files if they know the name of them, it just makes it harder for them to figure out the names of the files. So, yes, there's sort of a problem, but if you have that problem, you have an even bigger issue to deal with. ----- Joe Hourcle |
