| From: | "Peter L(dot) Berghold" <peter(at)berghold(dot)net> |
|---|---|
| To: | Jeff MacDonald <jeff(at)hub(dot)org>, pgsql-general(at)hub(dot)org |
| Subject: | Re: [GENERAL] cgi with postgres |
| Date: | 2000-01-14 21:19:54 |
| Message-ID: | 20000114161954.A9728@uboat.berghold.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jan 14, 2000 at 04:55:02PM -0400, Jeff MacDonald wrote:
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>
First off, if the server is set up correctly a casual user should not be
able to browse the cgi-bin directory and see your code.
I'm not sure what server you are creating your scripts on, but if it is
Apache and mod_perl is available to you then this is even better. You
can create a handler in mod_perl for a "pseudo-directory" and hide your
code that way.
However, as I said in my first paragraph this should not be necessary as
normally web browsers can't browse the cgi-bin directory anyway and your
cgi-script should just send back to the browser html code and not the
perl code itself. Unless something is very very wrong....
--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L. Berghold Peter(at)Berghold(dot)Net
"Linux renders ships http://www.berghold.net
NT renders ships useless...."
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mike Mascari | 2000-01-14 21:42:58 | Re: [GENERAL] cgi with postgres |
| Previous Message | Jeff MacDonald | 2000-01-14 20:55:02 | cgi with postgres |