Re: [GENERAL] cgi with postgres

On Fri, Jan 14, 2000 at 04:55:02PM -0400, Jeff MacDonald wrote:
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>

First off, if the server is set up correctly a casual user should not be
able to browse the cgi-bin directory and see your code.

I'm not sure what server you are creating your scripts on, but if it is
Apache and mod_perl is available to you then this is even better.  You
can create a handler in mod_perl for a "pseudo-directory" and hide your
code that way.

However, as I said in my first paragraph this should not be necessary as
normally web browsers can't browse the cgi-bin directory anyway and your
cgi-script should just send back to the browser html code and not the
perl code itself.  Unless something is very very wrong....


--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L. Berghold                        Peter@Berghold.Net
"Linux renders ships                     http://www.berghold.net
 NT renders ships useless...."