Re: [GENERAL] cgi with postgres

Поиск
Список
Период
Сортировка
От Peter L. Berghold
Тема Re: [GENERAL] cgi with postgres
Дата
Msg-id 20000114161954.A9728@uboat.berghold.net
обсуждение исходный текст
Ответ на cgi with postgres  (Jeff MacDonald <jeff@hub.org>)
Список pgsql-general
On Fri, Jan 14, 2000 at 04:55:02PM -0400, Jeff MacDonald wrote:
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>

First off, if the server is set up correctly a casual user should not be
able to browse the cgi-bin directory and see your code.

I'm not sure what server you are creating your scripts on, but if it is
Apache and mod_perl is available to you then this is even better.  You
can create a handler in mod_perl for a "pseudo-directory" and hide your
code that way.

However, as I said in my first paragraph this should not be necessary as
normally web browsers can't browse the cgi-bin directory anyway and your
cgi-script should just send back to the browser html code and not the
perl code itself.  Unless something is very very wrong....


--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L. Berghold                        Peter@Berghold.Net
"Linux renders ships                     http://www.berghold.net
 NT renders ships useless...."

В списке pgsql-general по дате отправления:

Предыдущее
От: Jeff MacDonald
Дата:
Сообщение: cgi with postgres
Следующее
От: Alfred Perlstein
Дата:
Сообщение: Re: [GENERAL] cgi with postgres