Re: enabling suexec with debian apache [solved]

To: Adam Shand <larry@alaska.net>
Cc: Joe Block <jpb@creol.ucf.edu>, Debian User List <debian-user@lists.debian.org>
Subject: Re: enabling suexec with debian apache [solved]
From: Robert Varga <robi@piros.zold.net>
Date: Sat, 26 Feb 2000 17:22:52 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.1000226171755.20274A-100000@piros.zold.net>
In-reply-to: <[🔎] Pine.LNX.4.21.0002221143300.1956-100000@heyzeus.alaska.net>


> > One important point about cgiwrap - the current debian package puts the
> > user cgis in ~user/public_html/cgi-bin instead of ~user/cgi-bin. I've
> > filed a bug about it.  It's bad security for cgis and their associated
> > datafiles to be web-readable.  Yes, I know security through obscurity
> > isn't really security, but we should at least make the black hats work a
> > little to get at the cgi source.
> 
 
And how can you set up /home/<user>/cgi-bin to be web-executable if you
cannot describe it with a web url?

And another thing I have been running circles around is:

-  how can I protect data files from being read from the filesystem,
which should be readable from the web, but only after authentication?
Since they should be http-served, they should be world-readable... Then
how can I prevent anyone from reading them on the webserver system itself?

Robert Varga

Reply to:

Follow-Ups:
- Re: enabling suexec with debian apache [solved]
  - From: Adam Shand <larry@alaska.net>
- Re: enabling suexec with debian apache [solved]
  - From: John Pearson <huiac@camtech.net.au>
- Re: enabling suexec with debian apache [solved]
  - From: Joe Block <jpb@creol.ucf.edu>

References:
- Re: enabling suexec with debian apache [solved]
  - From: Adam Shand <larry@alaska.net>

Prev by Date: Re: My Server Time gains too fast.
Next by Date: putting ipchains rules in /etc/diald/ip-up ?
Previous by thread: Re: enabling suexec with debian apache [solved]
Next by thread: Re: enabling suexec with debian apache [solved]
Index(es):
- Date
- Thread