Re: enabling suexec with debian apache [solved]
> > One important point about cgiwrap - the current debian package puts the
> > user cgis in ~user/public_html/cgi-bin instead of ~user/cgi-bin. I've
> > filed a bug about it. It's bad security for cgis and their associated
> > datafiles to be web-readable. Yes, I know security through obscurity
> > isn't really security, but we should at least make the black hats work a
> > little to get at the cgi source.
>
And how can you set up /home/<user>/cgi-bin to be web-executable if you
cannot describe it with a web url?
And another thing I have been running circles around is:
- how can I protect data files from being read from the filesystem,
which should be readable from the web, but only after authentication?
Since they should be http-served, they should be world-readable... Then
how can I prevent anyone from reading them on the webserver system itself?
Robert Varga
Reply to: