[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: password-protected cgi-bin directory?


On Mon, Sep 22, 2008 at 10:06:35AM +0200, Andreas Tille wrote:
> I wonder what might be the apropriate implementation in Debian because
> I do not know that there is anything like a "password-protected cgi-bin
> directory".  Has anybody solved a similar problem or is there some
> advise to do this reasonably?

my advice is that you put the "cgi-bin" binaries in a directory solely for
your own package, i.e. /usr/lib/<pkg>/cgi-bin .  then you can set up a
default htaccess file and apache configuration under etc and leave it to the
admin to configure it (or do so via debconf if you want to be fancy).

i would strongly recommend against putting anything in /usr/lib/cgi-bin,
as use of this directory should be deprecated[1].


[1] yes, i know that (normal, not webapps) policy still points at it and some 
    packages may still use it, but it should go away regardless.


Attachment: signature.asc
Description: Digital signature

Reply to: